BookStack/app/Http/Controllers
Dan Brown 349162ea13
Prevented possible XSS via link attachments
This filters out potentially malicious javascript: or data: URIs coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on Twitter) for reporting this
vulnerability.
2020-10-31 15:01:52 +00:00
Api Added chapters to the API 2020-05-23 00:28:41 +01:00
Auth Updated public-login redirect to check url 2020-07-28 16:29:06 +01:00
Images Converted image-manager to be component/HTML based 2020-07-25 00:20:58 +01:00
AttachmentController.php Prevented possible XSS via link attachments 2020-10-31 15:01:52 +00:00
AuditLogController.php Added audit log interface 2020-09-19 12:06:45 +01:00
BookController.php
BookExportController.php
BookshelfController.php
BookSortController.php
ChapterController.php
ChapterExportController.php
CommentController.php Updated comment md rendering to be server-side 2020-05-01 23:24:11 +01:00
Controller.php Updated some comment elements and standardised more JS 2020-07-28 18:19:18 +01:00
HomeController.php Updated shelf-list view to enforce view permissions for child books 2020-05-12 22:21:45 +01:00
MaintenanceController.php Split out Maintenance to separate controller 2020-09-19 09:24:58 +01:00
PageController.php Converted the page editor from vue to component 2020-07-05 21:18:17 +01:00
PageExportController.php
PageRevisionController.php Fixed revision issues caused by page fillable changes 2020-05-23 12:28:14 +01:00
PageTemplateController.php
PermissionController.php Removed role 'name' field from database 2020-08-04 14:55:01 +01:00
SearchController.php Converted search filters to not be vue based 2020-06-27 13:29:00 +01:00
SettingController.php Split out Maintenance to separate controller 2020-09-19 09:24:58 +01:00
TagController.php Finished moving tag-manager from a vue to a component 2020-06-29 22:11:03 +01:00
UserApiTokenController.php
UserController.php Removed role 'name' field from database 2020-08-04 14:55:01 +01:00