github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-06-13 23:42:57 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
3,836 Commits 13 Branches 210 Tags
user_permissions
Commit Graph

15 Commits

Author SHA1 Message Date
Dan Brown
1df7497c09 Added missing validation.file message 
- Included test to cover
- Also applied StyleCI fixes

Closes #3248
 2022-02-06 14:48:33 +00:00
Dan Brown
4597069083 Added Backup code verification logic 
Also added testing to cover as part of this in addition to adding the
core backup code handling required.

Also added the standardised translations for switching mfa mode and
adding testing for this switching.
 2021-08-02 16:35:37 +01:00
Dan Brown
916a82616f Complete base flow for TOTP setup 
- Includes DB storage and code validation.
- Extracted TOTP work to its own service file.
- Still needs testing to cover this side of things.
 2021-06-30 22:10:02 +01:00
Timo Förster
745d15d200 Allow uploads of files containing dots in filename. Closes BookStackApp/BookStack#2217 2021-03-04 22:27:20 +01:00
Dan Brown
349162ea13 Prevented possible XSS via link attachments 
This filters out potentially malicious javascript: or data: uri's coming
through to be attached to attachments.
Added tests to cover.

Thanks to Yassine ABOUKIR (@yassineaboukir on twitter) for reporting this
vulnerability.
 2020-10-31 15:01:52 +00:00
Dan Brown
140298bd96 Updated to Laravel 5.8 2019-09-13 23:58:40 +01:00
Dan Brown
213e9d2941 Upgraded to Laravel 5.6 2019-09-06 22:14:39 +01:00
Dan Brown
79f6dc00a3 Change image-selector to not use manager 
- Now changes the images directly for user, system & cover.
- Extra permission checks added to edit & delete actions.
 2019-05-04 15:50:29 +01:00
Dan Brown
9879a0d12c Added helper text for no_double_extension validation 2019-03-24 19:40:45 +00:00
Dan Brown
f5fe524e6c Added extension whitelist for image uploads 
- A continuation of the security issues addressed in v0.25.3
 2019-03-21 19:43:15 +00:00
Dan Brown
37b91b6b0e Hardened image file validation by removing custom validation 
- Added test to check PHP files cannot be uploaded as an image.
 2019-03-20 23:59:55 +00:00
abijeet
9dba9ca178 Fixes tooltip on the image manager. 
Fixes #1186
 2019-01-27 19:43:31 +05:30
Dan Brown
86a00a59d4 Created sketchy translation formatter script 
Compares a translation file to a EN version to
place translations on matching line numbers and matches
up comments.
 2018-12-14 21:23:05 +00:00
Dan Brown
573357a08c Extracted text from logic files 2016-12-04 16:51:39 +00:00
Dan Brown
eaa1765c7a Initial commit 2015-07-12 20:01:42 +01:00