github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-05-28 19:06:39 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Prevented page text content includes

Browse Source 
Avoids possible permission issues where included content shown in search or preview
where the user would not normally have permission to view the included content.

Closes #1178
This commit is contained in:
Dan Brown
2019-01-05 17:18:40 +00:00
parent ffceb4092e
commit 0e0a17cc30
3 changed files with 47 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tests/Entity/PageContentTest.php
View File

@ -40,15 +40,18 @@ class PageContentTest extends TestCase
{
$page = Page::first();
$secondPage = Page::where('id', '!=', $page->id)->first();
$this->asEditor();
$page->html = "<p>{{@$secondPage->id}}</p>";
$includeTag = '{{@' . $secondPage->id . '}}';
$page->html = '<p>' . $includeTag . '</p>';
$resp = $this->put($page->getUrl(), ['name' => $page->name, 'html' => $page->html, 'summary' => '']);
$resp->assertStatus(302);
$page = Page::find($page->id);
$this->assertContains("{{@$secondPage->id}}", $page->html);
$this->assertContains($includeTag, $page->html);
$this->assertEquals('', $page->text);
}
public function test_page_includes_do_not_break_tables()