Removed default public visibility for images at the driver level,
leaving only doing this as a specific action in the logic.
Added try/catch around permission setting so that
permission-incompatible environments won't fatally fail, but instead
log a warning.
Tested via a google cloud storage bucket FUSE mount, mounted under another
user but with open 777 permissions.
Related to #5269
Allows files to be placed within a "public" folder within a theme
directory which the contents of will served by BookStack for access.
- Only "web safe" content-types are provided.
- A static 1 day cache time it set on served files.
For #3904
Added file creation reverting and DB rollback on error.
Added error display on failed import.
Extracted likely shown import form/error text to translation files.
Changes GIF image thumbnail handling to direcly load via gd instead of
going through interventions own handling (which supports frames) since
we don't need animation for our thumbnails, and since performance issues
could arise with GIFs that have large frame counts.
For #5029
Updated image loading for intervention library to be via a specific
'initFromBinary' method to avoid being overly accepting of input types
and mechansisms.
For CVE-2023-6199
- Moved thumnbail loading out of repo into ImageResizer.
- Updated gallery and editor image handling to show errors where
possible to indicate memory issues for resizing/thumbs.
- Updated gallery to load image data in a per-image basis via edit form
for more resiliant thumb/data fetching. Data was previously provided
via gallery listing, which could be affected by failing generation
of other images.
- Updated image manager double click handling to be more pleasant and
not flash away the edit form.
- Updated editor handlers to use main URL when thumbs fail to load.
Added since we can't always be sure of future image usage, and in many
cases we don't generate ahead-of-time.
Also:
- Simplified image handling on certain models.
- Updated various string handling operations to use newer functions.
- Added some level of app out-of-memory handling so we can show a proper
error message upon OOM events.
- Added endpoint and image-manager button/action for regenerating
thumbnails for an image so they can be re-created upon failure.
During review of #4560.
- Simplified command to share as much log as possible across different
run options.
- Extracted out user handling to share with MFA command.
- Added specific handling for disabled avatar fetching.
- Added mention of avatar endpoint, to make it clear where these avatars
are coming from (Protect against user expectation of LDAP avatar sync).
- Simplified a range of the testing.
- Tweaked wording and code formatting.
Added support for mulit-line endpoint descriptions via blank
intermediate lines in php controller method docblocks.
Also tweaks endpoint header design for better flexing and alignment.
Within the flow of HttpFetchException, the actual exception from curl is preserved and logged. Make HttpFetchException a pretty exception for when it is shown to users.
