luisgulo/BookStack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
BookStack/app/Http/Controllers
History
Dan Brown 349162ea13
Prevented possible XSS via link attachments 
This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.
2020-10-31 15:01:52 +00:00
..
Api
Added chapters to the API
2020-05-23 00:28:41 +01:00
Auth
Updated public-login redirect to check url
2020-07-28 16:29:06 +01:00
Images
Converted image-manager to be component/HTML based
2020-07-25 00:20:58 +01:00
AttachmentController.php
Prevented possible XSS via link attachments
2020-10-31 15:01:52 +00:00
AuditLogController.php
Added audit log interface
2020-09-19 12:06:45 +01:00
BookController.php
Reviewed #1688, Show parent shelves on books page
2020-04-09 17:29:22 +01:00
BookExportController.php
Entity Repo & Controller Refactor (#1690)
2019-10-05 12:55:01 +01:00
BookshelfController.php
Updated view-change endpoints to be clearer, separated books and shelf
2020-04-10 12:49:16 +01:00
BookSortController.php
Entity Repo & Controller Refactor (#1690)
2019-10-05 12:55:01 +01:00
ChapterController.php
Entity Repo & Controller Refactor (#1690)
2019-10-05 12:55:01 +01:00
ChapterExportController.php
Entity Repo & Controller Refactor (#1690)
2019-10-05 12:55:01 +01:00
CommentController.php
Updated comment md rendering to be server-side
2020-05-01 23:24:11 +01:00
Controller.php
Updated some comment elements and standardised more JS
2020-07-28 18:19:18 +01:00
HomeController.php
Updated shelf-list view to enforce view permissions for child books
2020-05-12 22:21:45 +01:00
MaintenanceController.php
Split out Maintenance to separate controller
2020-09-19 09:24:58 +01:00
PageController.php
Converted the page editor from vue to component
2020-07-05 21:18:17 +01:00
PageExportController.php
Entity Repo & Controller Refactor (#1690)
2019-10-05 12:55:01 +01:00
PageRevisionController.php
Fixed revision issues caused by page fillable changes
2020-05-23 12:28:14 +01:00
PageTemplateController.php
Entity Repo & Controller Refactor (#1690)
2019-10-05 12:55:01 +01:00
PermissionController.php
Removed role 'name' field from database
2020-08-04 14:55:01 +01:00
SearchController.php
Converted search filters to not be vue based
2020-06-27 13:29:00 +01:00
SettingController.php
Split out Maintenance to separate controller
2020-09-19 09:24:58 +01:00
TagController.php
Finished moving tag-manager from a vue to a component
2020-06-29 22:11:03 +01:00
UserApiTokenController.php
Extracted API auth into guard
2019-12-30 14:51:28 +00:00
UserController.php
Removed role 'name' field from database
2020-08-04 14:55:01 +01:00