[pull] feature/newline_wysiwyg from BookStackApp:release#1
Open
pull[bot] wants to merge 1815 commits into
- Updated esbuild system to be module, and fixed build command. - Reverted module use in package.json by default as this impacted test runs/files. - Updated mention user select: - To look better in dark mode. - To not remove text after on select. - To properly revert/restore focus on enter or cancel.
- Added advisory on role permission form to advise which allow listing of users/roles. - Updated database config to avoid PHP8.5 deprecation. - Tweaked migration to remove unused index. - Fixed test namespace.
Update "Microsoft URL Rewrite Module for IIS" download link
Includes major version change of antonioribeiro/google2fa which changes secret length. From manual testing of old MFA secrets and new, this should not be breaking at all.
For #5951. Added test to cover.
Lexical fixes for v25.12
- The init & update commands will now use download-vendor logic instead of using composer to install required PHP packages. - The init command will now use our source.bookstackapp.com git mirror instead of GitHub. - Updated dependency PHP package versions.
System CLI: Update to v0.4
Checks files within the ZIP against the app upload file limit before using/streaming/extracting, to help ensure that they do not exceed what might be expected on that instance, and to prevent disk exhaustion via things like super high compression ratio files. Thanks to Jeong Woo Lee (eclipse07077-ljw) for reporting.
Sets some reasonable limits, which are higher when logged in since that infers a little extra trust. Helps prevent against large resource consumption attacks via super heavy search queries. Thanks to Gabriel Rodrigues AKA TEXUGO for reporting.
Add some additional resource-based limits
- Removed extra non-needed docs in repo - Tweaked some wording. - Added extra test scenarios. - Added options to phpunit default env. - Added auto-quote-handling for unsafe-inline CSS rule. For #6033
Added during investigation for #6062. Might as well leave in even though it does not trigger the cause for that particular issue.
Think it would primarily use the created_at ordering based in the relation which could cause trouble in CI test environment. This better forces Id based ordering.
Added visual system, not yet added on-click logic. Related to #4218
Added jump-to-header logic for lexical WYSIWYG, and both codemirror & plaintext markdown editor windows.
… into development Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6133
- Removed unused import - Added some trailing newlines to code files - Prevented <hr>s confusing logic in MD editor - Aligned logic to select end of header across editors
…_editor_contents into development Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6131
Co-authored-by: Crowdin Bot <support+bot@crowdin.com> Reviewed-on: https://codeberg.org/bookstack/bookstack/pulls/6139
Currently causing extra files to be created alongside previous files in crowdin
These would trigger an error on use, and could be abused to fill logs. Added test to cover. Thanks to Stephen O. / Sakusen for reporting.
Updated allow list/purifier system to only allow file protocol use on anchor hrefs to avoid potential security concerns with, after export, content being auto loaded via interactive elements like embeds/objects/videos etc... Updated tests to cover. Thanks to Gurmandeep Deol at Seneca Polytechnic for reporting.
Avoids providing responses with potential sensitive attachment info before permission checks. Added tests to cover. Thanks to Rafael Castilho for reporting.
This is to reduce the amount of content which will be logged, since these messages don't really indicate an actual system error but advise the user of something which went wrong with their request.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)