Dan Brown [Wed, 31 Jan 2024 16:20:22 +0000 (16:20 +0000)]
Comments: Added HTML filter on load, tinymce elem filtering
- Added filter on load to help prevent potentially dangerous comment
HTML in DB at load time (if it gets past input filtering, or is
existing).
- Added TinyMCE valid_elements for input wysiwygs, to gracefully degrade
content at point of user-view, rather than surprising the user by
stripping content, which TinyMCE would show, post-save.
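As an added example (not BookStack's own filter code), the kind of load-time allowlist filter the commit describes: it is run over comment HTML as it comes out of the database, so markup that slipped past input filtering, or predates it, is neutralised before it reaches a browser. The allowed element, attribute and URL-scheme lists, and the class name, are assumptions chosen for the example.

```php
<?php
// Added example, not BookStack's own filter: an allowlist-based cleaner for
// stored comment HTML. Allowed element/attribute/scheme lists are assumptions.

final class CommentHtmlFilter
{
    private const ALLOWED_ELEMENTS = [
        'p', 'br', 'strong', 'em', 'b', 'i', 'u', 's', 'code', 'pre',
        'ul', 'ol', 'li', 'blockquote', 'a', 'h3', 'h4', 'h5', 'h6',
    ];
    // Attributes kept per element; anything else (style, on*, etc.) is dropped.
    private const ALLOWED_ATTRIBUTES = ['a' => ['href', 'title']];
    // Schemes allowed in href; javascript:, data:, vbscript: are rejected by omission.
    private const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];
    // Elements removed together with their content rather than unwrapped.
    private const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'svg', 'math', 'template'];

    public static function filter(string $html): string
    {
        $doc = new DOMDocument();
        $prev = libxml_use_internal_errors(true);
        // Declare UTF-8 via an XML PI and wrap in <body> so fragments parse predictably.
        $doc->loadHTML('<?xml encoding="utf-8"?><body>' . $html . '</body>', LIBXML_HTML_NODEFDTD);
        libxml_clear_errors();
        libxml_use_internal_errors($prev);

        $body = $doc->getElementsByTagName('body')->item(0);
        if ($body === null) {
            return '';
        }
        self::cleanChildren($body);

        $out = '';
        foreach ($body->childNodes as $child) {
            $out .= $doc->saveHTML($child); // serialising children only: no PI, no wrapper elements
        }
        return $out;
    }

    private static function cleanChildren(DOMNode $parent): void
    {
        // Snapshot first: childNodes is live and changes as nodes are unwrapped/removed.
        foreach (iterator_to_array($parent->childNodes, false) as $node) {
            if ($node instanceof DOMComment) {
                $parent->removeChild($node);
            } elseif ($node instanceof DOMElement) {
                $tag = strtolower($node->tagName);
                if (in_array($tag, self::DROP_WITH_CONTENT, true)) {
                    $parent->removeChild($node);
                } elseif (!in_array($tag, self::ALLOWED_ELEMENTS, true)) {
                    self::cleanChildren($node);
                    self::unwrap($node); // keep the text, lose the tag
                } else {
                    self::cleanAttributes($node, $tag);
                    self::cleanChildren($node);
                }
            }
            // Text nodes are left alone: DOMDocument re-escapes them on output.
        }
    }

    private static function cleanAttributes(DOMElement $el, string $tag): void
    {
        $allowed = self::ALLOWED_ATTRIBUTES[$tag] ?? [];
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            $name = strtolower($attr->name);
            if (!in_array($name, $allowed, true) || ($name === 'href' && !self::safeUrl($attr->value))) {
                $el->removeAttribute($attr->name);
            }
        }
        if ($tag === 'a') {
            $el->setAttribute('rel', 'noopener noreferrer');
        }
    }

    private static function safeUrl(string $url): bool
    {
        $url = trim($url);
        if (preg_match('/[\x00-\x1f\x7f]/', $url)) {
            return false; // control characters are only ever used for scheme obfuscation
        }
        if ($url === '' || $url[0] === '/' || $url[0] === '#') {
            return true; // same-origin paths, protocol-relative URLs and fragments
        }
        $scheme = parse_url($url, PHP_URL_SCHEME);
        return is_string($scheme) && in_array(strtolower($scheme), self::ALLOWED_SCHEMES, true);
    }

    private static function unwrap(DOMElement $el): void
    {
        $parent = $el->parentNode;
        while ($el->firstChild !== null) {
            $parent->insertBefore($el->firstChild, $el);
        }
        $parent->removeChild($el);
    }
}

// Constructed sample: an inline handler, a javascript: link and a script block.
$stored = '<p onclick="x()">Hi <a href="javascript:alert(1)" title="t">here</a><script>steal()</script></p>';
echo CommentHtmlFilter::filter($stored), PHP_EOL;
```

The filter is deliberately an allowlist, not a blocklist: unknown elements are unwrapped and unknown attributes dropped, so a new tag or event-handler attribute does not need a rule to be caught. An unsafe `href` is removed rather than the whole anchor, which leaves a harmless dead link; unwrapping the anchor instead would be equally valid. Pair this with the TinyMCE `valid_elements` list the commit mentions so the editor degrades the same content the server will strip, rather than showing the user markup that disappears on save.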
Dan Brown [Tue, 30 Jan 2024 11:38:47 +0000 (11:38 +0000)]
WYSIWYG: Altered how custom head added to editors
Updated to parse and add as DOM nodes instead of innerHTML to avoid
triggering an update of all head content, which would throw warnings in
chromium in regard to setting the base URI.
This changes how initial searches can be handled via config rather than
specific action so they can be considered in how the initial data load
is done, to prevent the default empty state loading and overwriting the
search data if it lands later (which was commonly likely).
Dan Brown [Mon, 15 Jan 2024 13:36:04 +0000 (13:36 +0000)]
Uploads: Explicitly disabled s3 streaming in config
This was the default option anyway, just adding here for
better visibility of this being set.
Can't enable without issues as the app will attempt to seek which does
not work for these streams. Also have not tested on non-s3, s3-like
systems.
Dan Brown [Sat, 23 Dec 2023 13:35:57 +0000 (13:35 +0000)]
Permissions: Updated generation querying to be more efficient
Query of existing entity permissions during view permission generation
could cause timeouts or SQL placeholder limits due to massive whereOr
query generation, where an "or where" clause would be created for each
entity type/id combo involved, which could be all within 20 books.
This updates the query handling to use a query per type involved, with
no "or where"s, and to be chunked at large entity counts.
Also tweaked role-specific permission regen to chunk books at
half-previous rate to prevent such a large scope being involved on each
chunk.
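As an added example (not BookStack's own permission code), here is the shape of the change the commit describes: the old "one OR-group per entity" query next to a per-type, chunked form that keeps every statement under a bound-placeholder limit. Table and column names, the class name and the limit value are assumptions.

```php
<?php
// Added example, not BookStack's code: per-type, chunked lookups of existing
// entity permissions instead of one growing OR-clause. Names are assumptions.

final class PermissionQueryBuilder
{
    /** Max bound values per statement; real driver limits are far higher, kept small to show chunking. */
    public function __construct(private int $maxPlaceholders = 1000) {}

    /**
     * Old shape (for comparison): "(type = ? AND id = ?) OR (...)" per entity.
     * Bindings grow as 2 * N in a single statement, as does the SQL text itself.
     * Returns a list of [sql, bindings] pairs, here always exactly one.
     */
    public function buildOrWhere(array $entities): array
    {
        $clauses = [];
        $bindings = [];
        foreach ($entities as [$type, $id]) {
            $clauses[] = '(entity_type = ? AND entity_id = ?)';
            $bindings[] = $type;
            $bindings[] = $id;
        }
        return [['SELECT * FROM entity_permissions WHERE ' . implode(' OR ', $clauses), $bindings]];
    }

    /**
     * New shape: group ids by type, then emit "entity_type = ? AND entity_id IN (...)"
     * statements, each holding at most $maxPlaceholders bound values.
     * Returns a list of [sql, bindings] pairs to run and merge.
     */
    public function buildPerType(array $entities): array
    {
        $byType = [];
        foreach ($entities as [$type, $id]) {
            $byType[$type][$id] = true; // de-duplicate ids within a type
        }
        $idsPerChunk = max(1, $this->maxPlaceholders - 1); // one placeholder is the type itself
        $statements = [];
        foreach ($byType as $type => $ids) {
            foreach (array_chunk(array_keys($ids), $idsPerChunk) as $chunk) {
                $in = implode(',', array_fill(0, count($chunk), '?'));
                $statements[] = [
                    "SELECT * FROM entity_permissions WHERE entity_type = ? AND entity_id IN ({$in})",
                    array_merge([$type], $chunk),
                ];
            }
        }
        return $statements;
    }

    /** Largest binding count in any one statement, the figure a placeholder limit applies to. */
    public static function maxBindings(array $statements): int
    {
        return max(array_map(fn (array $s): int => count($s[1]), $statements));
    }
}

// Constructed sample: 20 books with 100 pages each, plus the books themselves.
$entities = [];
for ($b = 1; $b <= 20; $b++) {
    $entities[] = ['book', $b];
    for ($p = 1; $p <= 100; $p++) {
        $entities[] = ['page', $b * 1000 + $p];
    }
}

$builder = new PermissionQueryBuilder(1000);
$old = $builder->buildOrWhere($entities);
$new = $builder->buildPerType($entities);
printf("old: %d statement(s), max %d bindings\n", count($old), PermissionQueryBuilder::maxBindings($old));
printf("new: %d statement(s), max %d bindings\n", count($new), PermissionQueryBuilder::maxBindings($new));
```

For the constructed 2,020 entities the old form binds 4,040 values into one statement, while the new form produces four statements (one for the 20 books, three for the 2,000 pages at 999 ids each) with at most 1,000 bindings apiece. In Laravel the per-type statement maps to `->where('entity_type', $type)->whereIn('entity_id', $chunk)`; the chunking matters because placeholder limits are per statement, and in-memory merging of a few result sets is far cheaper than a timeout on one enormous query.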
Dan Brown [Thu, 21 Dec 2023 13:23:52 +0000 (13:23 +0000)]
Input WYSIWYG: Updated API to show/accept html descriptions
Also aligned books, shelves and chapters to return description content
and some relations (where not breaking API) in create/update responses
also so that information can be seen direct from that input in a
request.
Dan Brown [Mon, 18 Dec 2023 16:23:40 +0000 (16:23 +0000)]
Input WYSIWYG: Added reference store & fetch handling
For book, shelves and chapters.
Made much of the existing handling generic to entity types.
Added new MixedEntityListLoader to help load lists somewhat efficiently.
Only manually tested so far.
Dan Brown [Sun, 17 Dec 2023 15:02:15 +0000 (15:02 +0000)]
Input WYSIWYG: Added description_html field, added store logic
Rolled out HTML editor field and store logic across all target entity
types. Cleaned up WYSIWYG input logic and design.
Cleaned up some injected classes while there.
Dan Brown [Sat, 16 Dec 2023 14:03:12 +0000 (14:03 +0000)]
Design: Updated buttons to be a bit friendlier
Old all-caps button design made them a bit angry, and kinda odd and
outdated. This updates them to use their original source text casing
(which may help for translation variations) while being a bit rounder
with a better defined shadow for outline buttons.
Dan Brown [Sat, 16 Dec 2023 12:22:40 +0000 (12:22 +0000)]
WYSIWYG: Allowed video/embed alignment controls
Required a lot of working around TinyMCE since it added a
preview/wrapper element in the editor which complicates things.
Added new "fixes.js" file so large hacks to default TinyMCE
functionality are kept in one place.
Dan Brown [Wed, 13 Dec 2023 15:11:42 +0000 (15:11 +0000)]
Users API: Fixed sending invite when using form requests
- Cast send_invite value in cases where it might not have been a boolean,
which occurs on non-JSON requests.
- Added test to cover.
- Updated API docs to mention and show boolean usage.
Dan Brown [Tue, 12 Dec 2023 15:38:09 +0000 (15:38 +0000)]
Default templates: Cleaned up ux, added case for added endpoint
Cleaned up and updated page picker a bit, allowing longer names to show,
clicking through to item without triggering popup, and updated to use
hidden attributes instead of styles.
Added phpunit tests to cover supporting entity-selector-templates
endpoint.
Dan Brown [Mon, 11 Dec 2023 15:55:43 +0000 (15:55 +0000)]
Default templates: Added page picker and working forms
- Adapted existing page picker to be usable elsewhere.
- Added endpoint for getting templates for entity picker.
- Added search template filter to support above.
- Updated book save handling to check/validate submitted template.
- Allows non-visible pages to flow through the save process, if not
being changed.
- Updated page deletes to handle removal of default usage on books.
- Tweaked wording and form styles to suit.
- Updated migration to explicitly reflect default value.
Swapped back handling to instead be pre-determined instead of being
based upon session/referrer which would cause inconsistent results when
referrer data was not available (redirect to app-loaded images/files).
To support, this adds a mechanism to provide a URL through request
data.
Also cleaned up some imports in code while making changes.
Closes #4656.
Dan Brown [Sat, 9 Dec 2023 10:49:28 +0000 (10:49 +0000)]
Dependencies: Updated NPM packages
Avoided updating markdown-it package to 14 for now since it would cause
bundle size to inflate. Don't think ESBuild is properly tree shaking
"entities" sub package which inflates size.
Dan Brown [Fri, 8 Dec 2023 18:38:52 +0000 (18:38 +0000)]
SAML2: Fixed non-spec point of logout, Improved redirect location
This changes the point-of-logout to be within the initial part of the
SAML logout flow, as per 5.3.2 of the SAML spec, processing step 2.
This also improves the logout redirect handling to use the global
redirect suggestion so that auto-login handling is properly taken into
account.
Added tests to cover.
Manual testing performed against keycloak.
For #4713
Dan Brown [Thu, 7 Dec 2023 17:45:17 +0000 (17:45 +0000)]
OIDC RP Logout: Fixed issues during testing
- Disabled by default due to strict rejection by auth systems.
- Fixed issue when autoloading logout URL, but not provided in
autodiscovery response.
- Added proper handling for if the logout URL contains a query string
already.
- Added extra tests to cover.
- Forced config endpoint to be used, if set as a string, instead of
autodiscovery endpoint.
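As an added example (not BookStack's OIDC code), one way to build the RP-initiated logout redirect so that an `end_session_endpoint` which already carries a query string keeps its existing parameters instead of being given a second `?`. The function name, the endpoint and the token value are constructed; the parameter names `post_logout_redirect_uri` and `id_token_hint` are the ones defined by OpenID Connect RP-Initiated Logout.

```php
<?php
// Added example, not BookStack's code: append RP-initiated logout parameters to
// an end_session_endpoint that may already have a query string or fragment.

function buildRpLogoutUrl(string $endSessionEndpoint, string $postLogoutRedirectUri, ?string $idTokenHint = null): string
{
    $parts = parse_url($endSessionEndpoint);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new InvalidArgumentException('end_session_endpoint must be an absolute URL');
    }

    // Keep whatever the provider already put in the query (tenant, policy, etc.).
    $query = [];
    if (isset($parts['query'])) {
        parse_str($parts['query'], $query);
    }
    $query['post_logout_redirect_uri'] = $postLogoutRedirectUri;
    if ($idTokenHint !== null) {
        $query['id_token_hint'] = $idTokenHint;
    }

    // Rebuild the URL piece by piece rather than string-appending "?" or "&".
    $url = $parts['scheme'] . '://';
    if (isset($parts['user'])) {
        $url .= $parts['user'] . (isset($parts['pass']) ? ':' . $parts['pass'] : '') . '@';
    }
    $url .= $parts['host'];
    if (isset($parts['port'])) {
        $url .= ':' . $parts['port'];
    }
    $url .= $parts['path'] ?? '';
    $url .= '?' . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
    if (isset($parts['fragment'])) {
        $url .= '#' . $parts['fragment']; // fragment must stay after the query
    }
    return $url;
}

// Constructed inputs: a plain endpoint and one that already carries a query string.
echo buildRpLogoutUrl('https://idp.example.com/oidc/logout', 'https://app.example.com/', 'constructed-id-token'), PHP_EOL;
echo buildRpLogoutUrl('https://idp.example.com/oidc/logout?tenant=acme', 'https://app.example.com/'), PHP_EOL;
```

Two practical notes: the `post_logout_redirect_uri` must match one registered with the provider, and many providers reject a logout request that lacks `id_token_hint`, which is consistent with the "strict rejection by auth systems" the commit cites as the reason for leaving the feature off by default. Keeping the original ID token around for the session is therefore a prerequisite for enabling it.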
Extracted logout to the login service so the logic can be shared instead
of re-implemented at each stage. For this, the SocialAuthService was
split so the driver management is in its own class, so it can be used
elsewhere without use (or circular dependencies) of the
SocialAuthService.
Dan Brown [Tue, 5 Dec 2023 18:53:48 +0000 (18:53 +0000)]
RTL: Made a range of fixes & improvements for RTL text
- Updated HTML exports to have auto direction to properly react to RTL
text when in the content.
- Fixed RTL spacing issues in new editor design changes.
- Fixed pointer arrow being angled wrong on RTL languages.
Dan Brown [Mon, 27 Nov 2023 21:38:43 +0000 (21:38 +0000)]
Includes: Added back support for parse theme event
Managed to do this in an API-compatible way although resulting output may
differ due to new dom handling in general, although user content is used
inline to remain as compatible as possible.
Dan Brown [Mon, 27 Nov 2023 19:54:47 +0000 (19:54 +0000)]
Includes: Switched page to new system
- Added multi-level depth parsing.
- Updated usage of HTML doc in page content to be efficient.
- Removed now redundant PageContentTest cases.
- Made some include system fixes based upon testing.
Expanded tests with many more cases, and added fixes for failed
scenarios.
Updated logic to specifically handle parent <p> tags, and now assume
compatibility with parent block types elsewhere to allow use in a
variety of scenarios (td, details, blockquote etc...).
Dan Brown [Fri, 24 Nov 2023 23:39:16 +0000 (23:39 +0000)]
Includes: Added block-level handling to new include system
Implements block promoting to body (including position choosing based
upon likely tag position within parent) and block splitting where we're
only a single depth down from the body child.
Dan Brown [Sun, 19 Nov 2023 16:34:29 +0000 (16:34 +0000)]
Images: Forced intervention loading via specific method
Updated image loading for intervention library to be via a specific
'initFromBinary' method to avoid being overly accepting of input types
and mechanisms.
Dan Brown [Tue, 14 Nov 2023 17:23:05 +0000 (17:23 +0000)]
HTML: Tweaked output from full HtmlDocument
Saves specifically the document element on output to HTML, since this
results in just the outer HTML being saved while not including the extra
XML tags which would show up before with the changes to force utf8
usage.
Dan Brown [Tue, 14 Nov 2023 15:46:32 +0000 (15:46 +0000)]
HTML: Aligned and standardised DOMDocument usage
Adds a thin wrapper for DOMDocument to simplify and align usage within
all areas of BookStack.
Also means we move away from old deprecated mb_convert_encoding usage.
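As an added example (not BookStack's HtmlDocument class), a thin DOMDocument wrapper of the kind these two commits describe: it loads HTML as UTF-8 without the `mb_convert_encoding(..., 'HTML-ENTITIES', ...)` trick (deprecated since PHP 8.2) by prefixing an XML encoding declaration, and it serialises from the document element so that declaration never leaks into saved HTML. The class and method names are assumptions.

```php
<?php
// Added example, not BookStack's HtmlDocument: load HTML as UTF-8 via an
// encoding PI and serialise only the document element so the PI stays out
// of the output. Class and method names are assumptions.

final class HtmlDocument
{
    private DOMDocument $doc;

    public function __construct(string $html = '')
    {
        $this->doc = new DOMDocument();
        $this->loadHtml($html);
    }

    public function loadHtml(string $html): void
    {
        $prev = libxml_use_internal_errors(true); // unknown (HTML5) tags raise warnings we collect, not print
        // libxml honours an XML encoding PI even in HTML mode, so multibyte text is read
        // as UTF-8 rather than being mangled or turned into numeric entities.
        $this->doc->loadHTML('<?xml encoding="utf-8"?>' . $html, LIBXML_HTML_NODEFDTD);
        libxml_clear_errors();
        libxml_use_internal_errors($prev);
    }

    /** Whole-document serialisation: the PI is a node in the tree, so it is emitted too. */
    public function getHtmlWithDeclaration(): string
    {
        return $this->doc->saveHTML();
    }

    /** Outer HTML of <html>...</html> only: no PI, no DOCTYPE, UTF-8 characters kept as-is. */
    public function getHtml(): string
    {
        return $this->doc->saveHTML($this->doc->documentElement);
    }

    /** Inner HTML of <body>, the useful form for stored page and description fragments. */
    public function getBodyInnerHtml(): string
    {
        $body = $this->doc->getElementsByTagName('body')->item(0);
        if ($body === null) {
            return '';
        }
        $out = '';
        foreach ($body->childNodes as $child) {
            $out .= $this->doc->saveHTML($child);
        }
        return $out;
    }

    /** XPath query against the document; false signals an invalid expression. */
    public function xpath(string $expr): DOMNodeList|false
    {
        return (new DOMXPath($this->doc))->query($expr);
    }
}

// Constructed sample with non-ASCII text.
$doc = new HtmlDocument('<p>Grüße, 日本語</p><p>second</p>');
echo $doc->getHtmlWithDeclaration();
echo $doc->getHtml(), PHP_EOL;
echo $doc->getBodyInnerHtml(), PHP_EOL;
```

Run side by side, the first `echo` starts with the `<?xml encoding="utf-8"?>` line, which is exactly what would end up persisted if the whole document were saved, while the second starts at `<html>` and the third contains only the two paragraphs, with the non-ASCII characters written out literally rather than as `&#...;` entities. Centralising this in one wrapper is what makes the behaviour consistent across every place that parses page, comment or description HTML.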
Dan Brown [Tue, 14 Nov 2023 10:31:44 +0000 (10:31 +0000)]
Notifications: Review of PR to include page path #4629
- Merged book and chapter name items to a single page path list item
which has links to parent page/chapter.
- Added permission filtering to page path elements.
- Added page path to also be on comment notifications.
- Updated testing to cover.
- Added new Message Line objects to support.
Dan Brown [Tue, 7 Nov 2023 15:07:11 +0000 (15:07 +0000)]
Dropdowns: Fixed bad direction logic, added dynamic height
Changes since adding notifications would cause direction to be assessed
upon max height of 80vh, which caused large dropdowns like the audit log
dropdown to drop up and/or go offscreen.
This restores the default assessment of 500px, and adds dynamic
max-height adjustment to provide more room for large dropdowns.