]> BookStack Code Mirror - bookstack/blobdiff - app/Providers/AppServiceProvider.php
projects / bookstack / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
LDAP: Added TLS support
[bookstack] / app / Providers / AppServiceProvider.php
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 3a1b4f42ee63e02118a72d798d8e837f12499018..f418153997286e5636e754279be147e753171ec7 100644 (file)
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -34,7 +34,7 @@ class AppServiceProvider extends ServiceProvider
 
         // Custom validation methods
         Validator::extend('image_extension', function ($attribute, $value, $parameters, $validator) {
-            $validImageExtensions = ['png', 'jpg', 'jpeg', 'bmp', 'gif', 'tiff', 'webp'];
+            $validImageExtensions = ['png', 'jpg', 'jpeg', 'gif', 'webp'];
             return in_array(strtolower($value->getClientOriginalExtension()), $validImageExtensions);
         });
 
@@ -43,6 +43,13 @@ class AppServiceProvider extends ServiceProvider
             return substr_count($uploadName, '.') < 2;
         });
 
+        Validator::extend('safe_url', function ($attribute, $value, $parameters, $validator) {
+            $cleanLinkName = strtolower(trim($value));
+            $isJs = strpos($cleanLinkName, 'javascript:') === 0;
+            $isData = strpos($cleanLinkName, 'data:') === 0;
+            return !$isJs && !$isData;
+        });
+
         // Custom blade view directives
         Blade::directive('icon', function ($expression) {
             return "<?php echo icon($expression); ?>";
The core source code for the BookStack project.