BookStack Code Mirror - bookstack/blobdiff

index 6e81dfd65738942ee30cdb542fe9775360c6a8a1..7f2134dd87abe8d7eedd8cc9d03038ba54d55260 100644 (file)

--- a/app/Http/Controller.php

+++ b/app/Http/Controller.php

@@ -9,6 +9,8 @@ use BookStack\Facades\Activity;

use Illuminate\Foundation\Bus\DispatchesJobs;

use Illuminate\Foundation\Validation\ValidatesRequests;

use Illuminate\Http\JsonResponse;

use Illuminate\Foundation\Bus\DispatchesJobs;

use Illuminate\Foundation\Validation\ValidatesRequests;

use Illuminate\Http\JsonResponse;

+use Illuminate\Http\RedirectResponse;

+use Illuminate\Http\Request;

use Illuminate\Routing\Controller as BaseController;

abstract class Controller extends BaseController

use Illuminate\Routing\Controller as BaseController;

abstract class Controller extends BaseController

@@ -47,13 +49,13 @@ abstract class Controller extends BaseController

* On a permission error redirect to home and display.

* the error as a notification.

* On a permission error redirect to home and display.

* the error as a notification.

- * @return never

+ * @throws NotifyException

- protected function showPermissionError()

+ protected function showPermissionError(string $redirectLocation = '/'): never

{

$message = request()->wantsJson() ? trans('errors.permissionJson') : trans('errors.permission');

{

$message = request()->wantsJson() ? trans('errors.permissionJson') : trans('errors.permission');

- throw new NotifyException($message, '/', 403);

+ throw new NotifyException($message, $redirectLocation, 403);

}

/**

}

/**

@@ -79,10 +81,10 @@ abstract class Controller extends BaseController

/**

* Check the current user's permissions against an ownable item otherwise throw an exception.

/**

* Check the current user's permissions against an ownable item otherwise throw an exception.

- protected function checkOwnablePermission(string $permission, Model $ownable): void

+ protected function checkOwnablePermission(string $permission, Model $ownable, string $redirectLocation = '/'): void

{

if (!userCan($permission, $ownable)) {

{

if (!userCan($permission, $ownable)) {

- $this->showPermissionError();

+ $this->showPermissionError($redirectLocation);

}

@@ -150,10 +152,8 @@ abstract class Controller extends BaseController

/**

* Log an activity in the system.

/**

* Log an activity in the system.

- *

- * @param string|Loggable $detail

- protected function logActivity(string $type, $detail = ''): void

+ protected function logActivity(string $type, string|Loggable $detail = ''): void

{

Activity::add($type, $detail);

}

{

Activity::add($type, $detail);

}

@@ -163,6 +163,22 @@ abstract class Controller extends BaseController

protected function getImageValidationRules(): array

{

protected function getImageValidationRules(): array

{

- return ['image_extension', 'mimes:jpeg,png,gif,webp', 'max:' . (config('app.upload_limit') * 1000)];

+ return ['image_extension', 'mimes:jpeg,png,gif,webp,avif', 'max:' . (config('app.upload_limit') * 1000)];

+ }

+ /**

+ * Redirect to the URL provided in the request as a '_return' parameter.

+ * Will check that the parameter leads to a URL under the root path of the system.

+ */

+ protected function redirectToRequest(Request $request): RedirectResponse

+ {

+ $basePath = url('/');

+ $returnUrl = $request->input('_return') ?? $basePath;

+ if (!str_starts_with($returnUrl, $basePath)) {

+ return redirect($basePath);

+ }

+ return redirect($returnUrl);

}