]>
BookStack Code Mirror - bookstack/log
Dan Brown [Mon, 1 Nov 2021 13:16:15 +0000 (13:16 +0000)]
New Crowdin updates (#3023)
Dan Brown [Sun, 31 Oct 2021 13:08:01 +0000 (13:08 +0000)]
Updated AzureAD provider to use microsoft graph
Dan Brown [Sat, 30 Oct 2021 10:51:49 +0000 (11:51 +0100)]
Updated sponsor link
Dan Brown [Fri, 29 Oct 2021 20:37:10 +0000 (21:37 +0100)]
Added sponsors to readme, updated license file
Dan Brown [Thu, 28 Oct 2021 14:55:13 +0000 (15:55 +0100)]
New Crowdin updates (#3014)
Dan Brown [Thu, 28 Oct 2021 14:54:00 +0000 (15:54 +0100)]
Made further changes to page image extraction validation
Dan Brown [Wed, 27 Oct 2021 11:29:01 +0000 (12:29 +0100)]
Added test to cover #3010
Dan Brown [Wed, 27 Oct 2021 11:21:27 +0000 (12:21 +0100)]
Merge branch 'master' of https://github.com/haxatron/BookStack into haxatron_upload_issue
Dan Brown [Wed, 27 Oct 2021 11:17:53 +0000 (12:17 +0100)]
New Crowdin updates (#3006)
Dan Brown [Tue, 26 Oct 2021 15:09:41 +0000 (16:09 +0100)]
Added security policy md file
Dan Brown [Tue, 26 Oct 2021 12:33:27 +0000 (13:33 +0100)]
Merge pull request #3008 from IndrekHaav/et-typo
Dan Brown [Tue, 26 Oct 2021 12:12:40 +0000 (13:12 +0100)]
Updated php deps
Indrek Haav [Tue, 26 Oct 2021 12:09:38 +0000 (15:09 +0300)]
Minor capitalisation fix for Estonian
Haxatron [Tue, 26 Oct 2021 01:39:16 +0000 (09:39 +0800)]
Update ImageRepo.php
Dan Brown [Mon, 25 Oct 2021 14:01:32 +0000 (15:01 +0100)]
New Crowdin updates (#3005)
Dan Brown [Mon, 25 Oct 2021 13:49:21 +0000 (14:49 +0100)]
Updated translators before v21.10 release
Dan Brown [Mon, 25 Oct 2021 13:49:03 +0000 (14:49 +0100)]
Added estonian to language logic
Dan Brown [Mon, 25 Oct 2021 12:51:27 +0000 (13:51 +0100)]
New Crowdin updates (#2983)
Dan Brown [Sat, 23 Oct 2021 21:03:03 +0000 (22:03 +0100)]
Tweaked sidepart list item padding, Review of #3000
Dan Brown [Sat, 23 Oct 2021 20:54:25 +0000 (21:54 +0100)]
Merge branch 'fix_sidebar_css' of https://github.com/ffranchina/BookStack into ffranchina-fix_sidebar_css
Dan Brown [Sat, 23 Oct 2021 16:26:01 +0000 (17:26 +0100)]
Reviewed SAML SLS changes for ADFS, #2902
Francesco Franchina [Thu, 21 Oct 2021 23:34:41 +0000 (01:34 +0200)]
Fixes padding issues of the sidebar's items
Dan Brown [Thu, 21 Oct 2021 13:04:23 +0000 (14:04 +0100)]
Merge branch 'master' of https://github.com/theodor-franke/BookStack into theodor-franke-master
Dan Brown [Wed, 20 Oct 2021 12:40:27 +0000 (13:40 +0100)]
Applied styleci changes
Dan Brown [Wed, 20 Oct 2021 12:38:35 +0000 (13:38 +0100)]
Merge pull request #2996 from BookStackApp/saml2_acs_session
Dan Brown [Wed, 20 Oct 2021 12:30:45 +0000 (13:30 +0100)]
Updated SAML ACS post to retain user session
Dan Brown [Wed, 20 Oct 2021 09:49:45 +0000 (10:49 +0100)]
Applied latest changes from styleCI
Dan Brown [Wed, 20 Oct 2021 09:46:35 +0000 (10:46 +0100)]
Merge pull request #2986 from BookStackApp/attachments_api
Dan Brown [Wed, 20 Oct 2021 09:46:06 +0000 (10:46 +0100)]
Adjusted API docs table
Dan Brown [Wed, 20 Oct 2021 09:43:03 +0000 (10:43 +0100)]
Added attachment API examples during manual testing
Dan Brown [Tue, 19 Oct 2021 23:58:56 +0000 (00:58 +0100)]
Added TestCase for attachments API methods
Dan Brown [Tue, 19 Oct 2021 14:15:35 +0000 (15:15 +0100)]
Fixed bug report yaml formatting
Dan Brown [Tue, 19 Oct 2021 13:52:00 +0000 (14:52 +0100)]
Update support_request.yml
Dan Brown [Tue, 19 Oct 2021 13:49:49 +0000 (14:49 +0100)]
Converted issues templates to forms
Dan Brown [Tue, 19 Oct 2021 13:07:45 +0000 (14:07 +0100)]
Update language_request.yml
Dan Brown [Tue, 19 Oct 2021 13:06:53 +0000 (14:06 +0100)]
Delete language_request.md
Dan Brown [Tue, 19 Oct 2021 13:05:34 +0000 (14:05 +0100)]
Create language_request.yml
Dan Brown [Mon, 18 Oct 2021 16:46:55 +0000 (17:46 +0100)]
Build out core attachments API controller
Dan Brown [Mon, 18 Oct 2021 10:43:54 +0000 (11:43 +0100)]
Added phpseclib to readme
Dan Brown [Mon, 18 Oct 2021 10:42:50 +0000 (11:42 +0100)]
Added base64 image extraction to markdown page content
Dan Brown [Sat, 16 Oct 2021 15:01:59 +0000 (16:01 +0100)]
Applied latest styles changes from style CI
Dan Brown [Sat, 16 Oct 2021 14:50:50 +0000 (15:50 +0100)]
Merge branch 'oidc'
Dan Brown [Fri, 15 Oct 2021 13:30:49 +0000 (14:30 +0100)]
Updated readme with latest version info
Dan Brown [Fri, 15 Oct 2021 13:17:32 +0000 (14:17 +0100)]
New Crowdin updates (#2980)
Dan Brown [Fri, 15 Oct 2021 13:16:45 +0000 (14:16 +0100)]
Applied latest styleci changes
Dan Brown [Fri, 15 Oct 2021 12:15:32 +0000 (13:15 +0100)]
Updated php dependancies
Dan Brown [Thu, 14 Oct 2021 17:02:16 +0000 (18:02 +0100)]
Fixed guest user email showing in TOTP setup url
Dan Brown [Thu, 14 Oct 2021 16:41:06 +0000 (17:41 +0100)]
Merge pull request #2977 from BookStackApp/custom_debug_view
Dan Brown [Thu, 14 Oct 2021 16:40:22 +0000 (17:40 +0100)]
Added testing to cover debug view
Dan Brown [Thu, 14 Oct 2021 14:33:08 +0000 (15:33 +0100)]
Added custom whoops-based debug view
Dan Brown [Thu, 14 Oct 2021 12:37:55 +0000 (13:37 +0100)]
Fixed lack of oidc discovery filtering during testing
Dan Brown [Wed, 13 Oct 2021 15:51:27 +0000 (16:51 +0100)]
Fleshed out testing for OIDC system
Dan Brown [Tue, 12 Oct 2021 22:04:28 +0000 (23:04 +0100)]
Renamed OIDC files to all be aligned
Dan Brown [Tue, 12 Oct 2021 22:00:52 +0000 (23:00 +0100)]
Added OIDC basic autodiscovery support
Dan Brown [Tue, 12 Oct 2021 15:48:54 +0000 (16:48 +0100)]
Added further OIDC core class testing
Dan Brown [Mon, 11 Oct 2021 23:01:51 +0000 (00:01 +0100)]
Added positive test case for OIDC implementation
Dan Brown [Mon, 11 Oct 2021 22:00:45 +0000 (23:00 +0100)]
Got OIDC custom solution to a functional state
Dan Brown [Mon, 11 Oct 2021 18:05:16 +0000 (19:05 +0100)]
Added token and key handling elements for oidc jwt
Dan Brown [Mon, 11 Oct 2021 09:25:28 +0000 (10:25 +0100)]
Merge pull request #2965 from Haxatron/master
Dan Brown [Sun, 10 Oct 2021 18:14:08 +0000 (19:14 +0100)]
Started on a custom oidc oauth provider
Haxatron [Sat, 9 Oct 2021 17:06:08 +0000 (01:06 +0800)]
Update dompdf.php
Dan Brown [Fri, 8 Oct 2021 22:19:37 +0000 (23:19 +0100)]
Added throttling to password reset requests
Dan Brown [Fri, 8 Oct 2021 21:24:32 +0000 (22:24 +0100)]
Updated translator attribution before release v21.08.5
Dan Brown [Fri, 8 Oct 2021 21:23:17 +0000 (22:23 +0100)]
Applied changes from styleci
Dan Brown [Fri, 8 Oct 2021 21:22:01 +0000 (22:22 +0100)]
New Crowdin updates (#2953)
Dan Brown [Fri, 8 Oct 2021 20:47:59 +0000 (21:47 +0100)]
Added testing to cover work done in last commit
Relevant to comments in
7224fbcc89f00f2b71644e36bb1b1d96addd1d5a .
Added test cases. Ensured they failed pre-commit.
Also tested a range of the altered endpoints manually on both local and
s3-like filesystems.
Dan Brown [Fri, 8 Oct 2021 16:47:14 +0000 (17:47 +0100)]
Added protections against path traversal in file system operations
- Files within the storage/ path could be accessed via path traversal
references in content, accessed upon HTML export.
- This addresses this via two layers:
- Scoped local flysystem filesystems down to the specific image &
file folders since flysystem has built-in checking against the
escaping of the root folder.
- Added path normalization before enforcement of uploads/{images,file}
prefix to prevent traversal at a path level.
Thanks to @Haxatron via huntr.dev for discovery and reporting.
Ref: https://huntr.dev/bounties/
ac268a17 -72b5-446f-a09a-
9945ef58607a /
Dan Brown [Fri, 8 Oct 2021 14:25:12 +0000 (15:25 +0100)]
Fixed search query issues when table prefixes are used
Dan Brown [Fri, 8 Oct 2021 14:22:09 +0000 (15:22 +0100)]
Forced response cache revalidation on logged-in responses
- Prevents authenticated responses being visible when back button
pressed in browser.
- Previously, 'no-cache, private' was added by default by Symfony which
would have prevents proxy cache issues but this adds no-store and a
max-age option to also invalidate all caching.
Thanks to @haxatron via huntr.dev
Ref: https://huntr.dev/bounties/
6cda9df9 -4987-4e1c-b48f-
855b6901ef53 /
Dan Brown [Wed, 6 Oct 2021 22:05:26 +0000 (23:05 +0100)]
Continued review of #2169
Dan Brown [Wed, 6 Oct 2021 16:12:01 +0000 (17:12 +0100)]
Started refactor for merge of OIDC
Dan Brown [Wed, 6 Oct 2021 12:17:30 +0000 (13:17 +0100)]
Merge branch 'openid' of https://github.com/jasperweyne/BookStack into jasperweyne-openid
Dan Brown [Wed, 6 Oct 2021 09:52:02 +0000 (10:52 +0100)]
Merge pull request #2957 from BookStackApp/dependabot/composer/composer/composer-2.1.9
dependabot[bot] [Tue, 5 Oct 2021 20:57:31 +0000 (20:57 +0000)]
Bump composer/composer from 2.1.8 to 2.1.9Signed-off-by: dependabot[bot] <redacted>
Dan Brown [Mon, 4 Oct 2021 19:26:55 +0000 (20:26 +0100)]
Reviewed and refactored additional editor draft save warnings
Dan Brown [Mon, 4 Oct 2021 16:10:40 +0000 (17:10 +0100)]
Merge branch 'conflict_warnings' of https://github.com/MatthieuParis/BookStack into MatthieuParis-conflict_warnings
Dan Brown [Mon, 4 Oct 2021 15:24:17 +0000 (16:24 +0100)]
Updated translator attribution before release v21.08.4
Dan Brown [Mon, 4 Oct 2021 15:22:16 +0000 (16:22 +0100)]
New Crowdin updates (#2926)
Dan Brown [Mon, 4 Oct 2021 10:26:26 +0000 (11:26 +0100)]
Allowed page includes on custom home
Dan Brown [Wed, 29 Sep 2021 22:53:11 +0000 (23:53 +0100)]
Applied StyleCI changes
Dan Brown [Wed, 29 Sep 2021 17:41:11 +0000 (18:41 +0100)]
Reviewed addition to db table prefix
Dan Brown [Wed, 29 Sep 2021 17:13:38 +0000 (18:13 +0100)]
Merge branch 'floviolleau-db-prefixes' of https://github.com/floviolleau/BookStack into floviolleau-floviolleau-db-prefixes
Dan Brown [Sun, 26 Sep 2021 16:18:12 +0000 (17:18 +0100)]
Reviewed adding IP recording to activity & audit log
Dan Brown [Sun, 26 Sep 2021 15:17:28 +0000 (16:17 +0100)]
Merge branch 'log-ip-address' of https://github.com/johnroyer/BookStack into johnroyer-log-ip-address
Dan Brown [Sun, 26 Sep 2021 14:49:25 +0000 (15:49 +0100)]
Applied style ci changes again
Dan Brown [Sun, 26 Sep 2021 14:48:22 +0000 (15:48 +0100)]
Applied styleci changes
Dan Brown [Sun, 26 Sep 2021 14:41:11 +0000 (15:41 +0100)]
Caught old string helper function usage
Dan Brown [Sun, 26 Sep 2021 14:37:55 +0000 (15:37 +0100)]
Standardised facade usage to use via their FQCN
Zero [Thu, 23 Sep 2021 03:07:13 +0000 (11:07 +0800)]
Fix coding style
Zero [Fri, 27 Aug 2021 04:54:18 +0000 (12:54 +0800)]
Update translation file
Zero [Fri, 27 Aug 2021 04:53:47 +0000 (12:53 +0800)]
Add user IP into audit table
Zero [Fri, 27 Aug 2021 04:42:02 +0000 (12:42 +0800)]
Save user IP to audit log
Zero [Fri, 27 Aug 2021 04:18:50 +0000 (12:18 +0800)]
Add IP column
floviolleau [Sun, 19 Sep 2021 12:33:54 +0000 (14:33 +0200)]
Allow to use DB tables prefix
floviolleau [Sun, 19 Sep 2021 12:32:35 +0000 (14:32 +0200)]
Allow to use DB tables prefix
floviolleau [Sun, 19 Sep 2021 12:31:18 +0000 (14:31 +0200)]
Allow to use DB tables prefix
floviolleau [Sun, 19 Sep 2021 12:28:57 +0000 (14:28 +0200)]
Allow to use DB tables prefix
Dan Brown [Sat, 18 Sep 2021 20:29:42 +0000 (21:29 +0100)]
Fixed dodgy test helper signature causing tests to fail
Dan Brown [Sat, 18 Sep 2021 20:28:16 +0000 (21:28 +0100)]
Merge pull request #2928 from BookStackApp/browserkit_removal
Dan Brown [Sat, 18 Sep 2021 20:21:44 +0000 (21:21 +0100)]
Applied styleci style changes
projects / bookstack / log