Commit graph

3081 commits

Author SHA1 Message Date
Dan Brown
5c7eb0df57
Caught old string helper function usage
Found by Laravel Shift Workbench
2021-09-26 15:41:11 +01:00
Dan Brown
c32b315cd7
Standardised facade usage to use via their FQCN
Done via Laravel Shift Workbench
2021-09-26 15:37:55 +01:00
Zero
c0da5616f3 Fix coding style 2021-09-23 11:07:13 +08:00
Zero
6418824139 Update translation file 2021-09-20 11:29:14 +08:00
Zero
b834f58e87 Add user IP into audit table 2021-09-20 11:29:14 +08:00
Zero
8efaeb068b Save user IP to audit log 2021-09-20 11:29:14 +08:00
Zero
5cf0c99e32 Add IP column 2021-09-20 11:29:14 +08:00
floviolleau
dbfa2d58ed
Allow to use DB tables prefix 2021-09-19 14:33:54 +02:00
floviolleau
f8abad1e3b
Allow to use DB tables prefix 2021-09-19 14:32:35 +02:00
floviolleau
1a8ae41263
Allow to use DB tables prefix 2021-09-19 14:31:18 +02:00
floviolleau
00af40ab14
Allow to use DB tables prefix 2021-09-19 14:28:57 +02:00
Dan Brown
ffdfdc7449
Fixed dodgy test helper signature causing tests to fail
Just needed some argument defaults to make them optional for existing
uses.
2021-09-18 21:29:42 +01:00
Dan Brown
ba075b46f9
Merge pull request #2928 from BookStackApp/browserkit_removal
Convert old BrowserKit tests
2021-09-18 21:28:16 +01:00
Dan Brown
c08c8d7aa3
Applied styleci style changes 2021-09-18 21:21:44 +01:00
Dan Brown
6454e24657
Removed browserkit testing from project
Converted last bits of the roles tests and removed dependancies.
Updated other PHP dependancies at the same time.
2021-09-18 21:20:38 +01:00
Dan Brown
d74255df5d
Started updating RolesTest away from Browserkit 2021-09-18 00:33:03 +01:00
Dan Brown
a4d9bca9e1
Converted AuthTest away from BrowserKit
Moved some user managment tests out to more relevant classess along the
way.
Found some tweaks to make for email confirmation routing as part of
this.
2021-09-17 23:44:54 +01:00
Dan Brown
90c759e5ca
Rewrote entity permissions tests to be non-browser-kit 2021-09-17 22:35:28 +01:00
Dan Brown
5d93dd258e
Finished moving EntityTests out to new TestCase files 2021-09-17 21:29:16 +01:00
Dan Brown
de8cceb0f7
Moved more tests out of EntityTest 2021-09-15 22:18:37 +01:00
Dan Brown
8a7408bd31
Fixed social auth login audit log messages
Was logging the whole social account instance instead of just the
method.
Updated tests to cover.

Fixes #2930
2021-09-15 20:55:10 +01:00
Dan Brown
121a746d59
Moved/Updated old Activity tracking tests, started on entity tests
Started moving old EntityTests into more appropriate places within
non-browserkit-test classes. Still many more to do.
2021-09-13 23:26:39 +01:00
Dan Brown
badaf08e55
Removed browserkit from a couple of classess
Done a little reorganisation while there of misplaced tests.
Moved MarkdownTest to a new PageEditorTest to avoid confusion with
other markdown elements and to align with other page tests.
2021-09-13 22:54:21 +01:00
Dan Brown
8565187138
Added border to generated TOTP QR code
To fix QR code not being scannable when in dark mode due to
lack of border matching background of QR code.

Fixes #2925
2021-09-13 14:23:54 +01:00
Dan Brown
2eafd8335c
Updated translators for v21.08.3 2021-09-12 16:25:33 +01:00
Dan Brown
e2f9089f56
New Crowdin updates (#2915)
* New translations auth.php (Spanish)

* New translations activities.php (Italian)

* New translations settings.php (Italian)

* New translations entities.php (Italian)

* New translations validation.php (Italian)

* New translations activities.php (Danish)

* New translations auth.php (Danish)

* New translations common.php (Danish)

* New translations settings.php (Danish)

* New translations entities.php (Danish)

* New translations auth.php (Danish)

* New translations common.php (Danish)

* New translations errors.php (Danish)

* New translations validation.php (Danish)

* New translations activities.php (Russian)

* New translations auth.php (French)

* New translations auth.php (French)

* New translations settings.php (French)

* New translations entities.php (French)

* New translations auth.php (French)
2021-09-12 16:25:05 +01:00
Dan Brown
ef459ca4c4
Altered the parsing of custom head to prevent htmlentities on content
Was causing things like emjoi within script content to be somewhat
mangled. Instead we force UTF8 only parsing via XML declaration.

Added test to cover.

For #2923
2021-09-12 16:19:17 +01:00
Dan Brown
fb80bb5d58
Applied latest styleci changes 2021-09-06 22:19:06 +01:00
Dan Brown
88c698796b
Fixed issue with HTML tags in custom head scripts
Fixes a strange issue of HTML tags within script tags being malformed
when part of the HTML custom head content due to the PHP parsing we do.
DOMDocument seemed to cause this upon load.
Adding LIBXML_SCHEMA_CREATE to the ->loadHTML call seems to fix this but
not really sure why. Doesn't seem to cause further issues though.
Tested with multiple scripts and styles and comments and meta tags.

- Also added new testing class to cover.
- As part of testing, added new folder within tests to house setting
  specific tests.

For #2914
2021-09-05 23:52:39 +01:00
Dan Brown
d815e1b9f2
Merge branch 'html-filtering' 2021-09-04 14:53:46 +01:00
Dan Brown
492af79c27
Added a couple of additional CSP rules
As per guidance from google's CSP evaluator.
2021-09-04 14:34:43 +01:00
Dan Brown
253f386f00
Finished off script CSP rules
- Added caching for custom html head parsing to add nonce.
- Also moved api docs page into web routes to prevent issues.
2021-09-04 13:57:04 +01:00
Dan Brown
fd44e4ba74
Started application of CSP headers 2021-09-03 23:32:42 +01:00
Dan Brown
040997fdc4
Added filter for xlink:href svg xss
Simply remove all such attributes
2021-09-03 22:34:49 +01:00
Dan Brown
5e6092aaf8
Added extra HTML filtering of dangerous content
In particular, That around the casing of dangerous values within
attributes. This uses some xpath translation to handle different casing
in contains searching.
2021-09-02 22:02:30 +01:00
Dan Brown
a579b7da21
Updated translator attribution before release v21.08.1 2021-09-02 21:11:23 +01:00
Dan Brown
bc34914ac1
New Crowdin updates (#2906)
* New translations auth.php (Chinese Simplified)

* New translations auth.php (Chinese Simplified)

* New translations validation.php (Chinese Simplified)

* New translations activities.php (Latvian)

* New translations auth.php (Latvian)

* New translations common.php (Latvian)

* New translations validation.php (Latvian)

* New translations entities.php (Latvian)

* New translations activities.php (Polish)
2021-09-02 21:07:31 +01:00
Dan Brown
7028025380
Made the TOTP URL visible during setup
Useful for some non-scanner type apps.
Closes #2908
2021-09-01 20:58:19 +01:00
Dan Brown
ff494be952
Fixed lack of proper ordering of pages
Added test to cover
Fixes #2905
2021-09-01 20:30:02 +01:00
Dan Brown
173f728e4a
Updated translator attribution before release v21.08 2021-08-31 22:05:16 +01:00
Dan Brown
9772b2f69d
Applied stylci changes 2021-08-31 22:03:51 +01:00
Dan Brown
c0f4cf4b5c
Merge branch 'master' of github.com:BookStackApp/BookStack 2021-08-31 21:59:37 +01:00
Dan Brown
cc1f46cbf4
New Crowdin updates (#2893)
* New translations settings.php (Chinese Traditional)

* New translations settings.php (Indonesian)

* New translations settings.php (Swedish)

* New translations settings.php (Turkish)

* New translations settings.php (Ukrainian)

* New translations settings.php (Chinese Simplified)

* New translations settings.php (Vietnamese)

* New translations settings.php (Portuguese, Brazilian)

* New translations settings.php (Persian)

* New translations settings.php (Slovak)

* New translations settings.php (Spanish, Argentina)

* New translations settings.php (Croatian)

* New translations settings.php (Latvian)

* New translations settings.php (Bosnian)

* New translations settings.php (Norwegian Bokmal)

* New translations settings.php (German Informal)

* New translations settings.php (Slovenian)

* New translations settings.php (Russian)

* New translations settings.php (French)

* New translations settings.php (German)

* New translations settings.php (Spanish)

* New translations settings.php (Arabic)

* New translations settings.php (Bulgarian)

* New translations settings.php (Catalan)

* New translations settings.php (Czech)

* New translations settings.php (Danish)

* New translations settings.php (Hebrew)

* New translations settings.php (Portuguese)

* New translations settings.php (Hungarian)

* New translations settings.php (Italian)

* New translations settings.php (Japanese)

* New translations settings.php (Korean)

* New translations settings.php (Dutch)

* New translations settings.php (Polish)

* New translations settings.php (Lithuanian)

* New translations activities.php (German)

* New translations auth.php (German)

* New translations common.php (German)

* New translations settings.php (German)

* New translations validation.php (German)

* New translations settings.php (French)

* New translations validation.php (French)

* New translations activities.php (French)

* New translations auth.php (French)

* New translations common.php (French)

* New translations activities.php (Norwegian Bokmal)

* New translations auth.php (Norwegian Bokmal)

* New translations auth.php (Norwegian Bokmal)

* New translations common.php (Norwegian Bokmal)

* New translations settings.php (Norwegian Bokmal)

* New translations validation.php (Norwegian Bokmal)

* New translations auth.php (French)

* New translations entities.php (Chinese Traditional)

* New translations entities.php (Indonesian)

* New translations entities.php (Swedish)

* New translations entities.php (Turkish)

* New translations entities.php (Ukrainian)

* New translations entities.php (Chinese Simplified)

* New translations entities.php (Vietnamese)

* New translations entities.php (Portuguese, Brazilian)

* New translations entities.php (Persian)

* New translations entities.php (Slovak)

* New translations entities.php (Spanish, Argentina)

* New translations entities.php (Croatian)

* New translations entities.php (Latvian)

* New translations entities.php (Bosnian)

* New translations entities.php (Norwegian Bokmal)

* New translations entities.php (German Informal)

* New translations entities.php (Slovenian)

* New translations entities.php (Russian)

* New translations entities.php (French)

* New translations entities.php (German)

* New translations entities.php (Spanish)

* New translations entities.php (Arabic)

* New translations entities.php (Bulgarian)

* New translations entities.php (Catalan)

* New translations entities.php (Czech)

* New translations entities.php (Danish)

* New translations entities.php (Hebrew)

* New translations entities.php (Portuguese)

* New translations entities.php (Hungarian)

* New translations entities.php (Italian)

* New translations entities.php (Japanese)

* New translations entities.php (Korean)

* New translations entities.php (Dutch)

* New translations entities.php (Polish)

* New translations entities.php (Lithuanian)

* New translations entities.php (Spanish)

* New translations settings.php (Chinese Traditional)

* New translations settings.php (Indonesian)

* New translations settings.php (Swedish)

* New translations settings.php (Turkish)

* New translations settings.php (Ukrainian)

* New translations settings.php (Chinese Simplified)

* New translations settings.php (Vietnamese)

* New translations settings.php (Portuguese, Brazilian)

* New translations settings.php (Persian)

* New translations settings.php (Slovak)

* New translations settings.php (Spanish, Argentina)

* New translations settings.php (Croatian)

* New translations settings.php (Latvian)

* New translations settings.php (Bosnian)

* New translations settings.php (Norwegian Bokmal)

* New translations settings.php (German Informal)

* New translations settings.php (Slovenian)

* New translations settings.php (Russian)

* New translations settings.php (French)

* New translations settings.php (German)

* New translations settings.php (Spanish)

* New translations settings.php (Arabic)

* New translations settings.php (Bulgarian)

* New translations settings.php (Catalan)

* New translations settings.php (Czech)

* New translations settings.php (Danish)

* New translations settings.php (Hebrew)

* New translations settings.php (Portuguese)

* New translations settings.php (Hungarian)

* New translations settings.php (Italian)

* New translations settings.php (Japanese)

* New translations settings.php (Korean)

* New translations settings.php (Dutch)

* New translations settings.php (Polish)

* New translations settings.php (Lithuanian)

* New translations settings.php (Spanish)

* New translations activities.php (Persian)

* New translations auth.php (Persian)

* New translations activities.php (Chinese Simplified)

* New translations auth.php (Chinese Simplified)

* New translations activities.php (Chinese Simplified)

* New translations auth.php (Chinese Simplified)

* New translations common.php (Chinese Simplified)

* New translations settings.php (Chinese Simplified)

* New translations validation.php (Chinese Simplified)

* New translations entities.php (Chinese Simplified)
2021-08-31 21:59:26 +01:00
Dan Brown
a641b4da2c
Swapped injected db instance with facade
Injected db instance was causing the DB connection to be
made a lot earlier than desired or required.
Swapped to a facade for now but ideally this extension of services needs
to be cleaned up with a better approach in general.
2021-08-31 21:50:23 +01:00
Dan Brown
4f85ce02c6
Updated php deps again 2021-08-31 20:56:07 +01:00
Dan Brown
9eb65dcd78
Updated the login redirect logic to ignore mfa routes 2021-08-31 20:54:43 +01:00
Dan Brown
bee5e2c7ca
Added untrusted server fetching control
WKHTMLtoPDF provides limited control for external fetching
so that will now be disabled by default unless
ALLOW_UNTRUSTED_SERVER_FETCHING=true is specifically set.
This new option will also control DOMPDF fetching.
2021-08-31 20:22:42 +01:00
Dan Brown
8f12c8bc99
Applied styleci changes 2021-08-30 21:32:07 +01:00
Dan Brown
2740603d99
Added back email confirmation check in middleware
During writing of the update notes, found that the upgrade path would be
tricky from a security point of view. If people were pending email
confirmation but had an active session, they could technically be
actively logged in after the next release.

Added middlware as an extra precaution for now.
2021-08-30 21:28:17 +01:00
Franke
07408ec112 Fixes for CodeStyle vol.2 2021-08-30 14:44:52 +02:00