Commit graph

27 commits

Author SHA1 Message Date
Dan Brown
85154fff69
Added an env configurable file upload size limit
Replaces the old suggestion of setting JS head 'window.uploadLimit'
variable. This new env option will be used by back-end validation and
front-end libs/logic too.

Limits already likely exist within prod environments at a PHP and
webserver level but this allows an app-level limit and centralises the
option on the BookStack side into the .env

Closes #3033
2021-11-14 22:03:22 +00:00
Dan Brown
06b5009842
Standardised laravel validation to be array based
Converted from string-only-based validation.
Array based validation works nicer once you have validation classess or
advanced validation options.
2021-11-05 00:26:55 +00:00
Dan Brown
a17be959d8
Applied latest styleci changes 2021-11-01 13:26:02 +00:00
Dan Brown
4360da03d4
Ran a pass through image and attachment routes
Added some stronger types, formatting changes and simplifications along
the way.
2021-11-01 11:17:30 +00:00
Dan Brown
32f6ea946f
Build out core attachments API controller
Related to #2942
2021-10-18 17:46:55 +01:00
Dan Brown
934a833818 Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
Dan Brown
3d5899d28c
Fixed issue with using old non-existing reference in controller
Also done a little code cleanup.
2021-06-13 14:16:09 +01:00
Dan Brown
888f435651
Added back-end attachments-in-browser support
A query string will cause attachments to be provided inline
with an appropriate mime type.
Remaining actions:
- Tests
- Front-end functionality
- Config option?
2021-06-06 00:51:06 +01:00
Dan Brown
5e01c30882
Aligned constructors across controller classes
Since they no longer needed to run the parent contructor
since the parent constructor was no longer needed.
2020-11-21 17:08:37 +00:00
Dan Brown
349162ea13
Prevented possible XSS via link attachments
This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.
2020-10-31 15:01:52 +00:00
Dan Brown
d41452f39c
Finished breakdown of attachment vue into components 2020-07-04 16:53:02 +01:00
Dan Brown
14b6cd1091
Started migration of attachment manager from vue
- Created new dropzone component.
- Added standard component event system using custom DOM events.
- Added tabs component.
- Added ajax-delete-row component.
2020-06-30 22:12:45 +01:00
Dan Brown
31f5786e01
Entity Repo & Controller Refactor (#1690)
* Started mass-refactoring of the current entity repos

* Rewrote book tree logic

- Now does two simple queries instead of one really complex one.
- Extracted logic into its own class.
- Remove model-level akward union field listing.
- Logic now more readable than being large separate query and
compilation functions.

* Extracted and split book sort logic

* Finished up Book controller/repo organisation

* Refactored bookshelves controllers and repo parts

* Fixed issues found via phpunit

* Refactored Chapter controller

* Updated Chapter export controller

* Started Page controller/repo refactor

* Refactored another chunk of PageController

* Completed initial pagecontroller refactor pass

* Fixed tests and continued reduction of old repos

* Removed old page remove and further reduced entity repo

* Removed old entity repo, split out page controller

* Ran phpcbf and split out some page content methods

* Tidied up some EntityProvider elements

* Fixed issued caused by viewservice change
2019-10-05 12:55:01 +01:00
Dan Brown
3281925375
Standardised how request is injected into controller methods
Puts it in-line with how Laravel recommend.
2019-09-15 18:53:30 +01:00
Dan Brown
85f330c79a
Extracted many page-specific repo methods into page-specific repo 2018-10-13 11:27:55 +01:00
Dan Brown
257a5a23ec
Fleshed out entity provided and optimized imports 2018-09-25 16:58:03 +01:00
Dan Brown
919660678b
Re-structured the app code to be feature based rather than code type based 2018-09-25 12:30:50 +01:00
Dan Brown
5c2e3f4e56
Extracted download response logic into controller method
Fixes incorrect 'Content-Disposition' header value.
Fixes #581
2018-09-22 11:34:09 +01:00
Dan Brown
a1ecdcacba
Fixed attachment error handling, Allowed all link types
Related to #812
2018-05-20 11:06:10 +01:00
Dan Brown
548dcd4db1
Fixed error when accessing non-authed attachment
Also updated attachment tests to use standard test-case.
Fixes #681
2018-02-11 12:37:02 +00:00
Dan Brown
8453191dfb
Finished refactor of entity repos
Removed entity-specific repos and standardised
the majority of repo calls to be applicable to
all entity types
2017-01-02 11:07:27 +00:00
Dan Brown
7f9de2c8ab
Started refactor to merge entity repos 2017-01-01 16:05:44 +00:00
Dan Brown
c9700e38e2
Created solution for JS translations
Also tidied up existing components and JS
2016-12-31 14:27:40 +00:00
Dan Brown
05316c90ba
converted image picker to blade-based component
Also updated some other JS translations
2016-12-24 15:21:19 +00:00
Dan Brown
573357a08c
Extracted text from logic files 2016-12-04 16:51:39 +00:00
Dan Brown
d3c7aada89
Fixed attachments on draft pages 2016-11-12 14:21:54 +00:00
Dan Brown
e639600ba5
Renamed files to attachments 2016-11-12 14:12:26 +00:00
Renamed from app/Http/Controllers/FileController.php (Browse further)