X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/3acea12f1c0013be4f1e3994cae2ea662e43bb4e..refs/pull/2376/head:/app/Providers/AppServiceProvider.php
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index a2fc673f4..f41815399 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -25,11 +25,16 @@ class AppServiceProvider extends ServiceProvider
 public function boot()
 {
 // Set root URL
- URL::forceRootUrl(config('app.url'));
+ $appUrl = config('app.url');
+ if ($appUrl) {
+ $isHttps = (strpos($appUrl, 'https://') === 0);
+ URL::forceRootUrl($appUrl);
+ URL::forceScheme($isHttps ? 'https' : 'http');
+ }
 // Custom validation methods
 Validator::extend('image_extension', function ($attribute, $value, $parameters, $validator) {
- $validImageExtensions = ['png', 'jpg', 'jpeg', 'bmp', 'gif', 'tiff', 'webp'];
+ $validImageExtensions = ['png', 'jpg', 'jpeg', 'gif', 'webp'];
 return in_array(strtolower($value->getClientOriginalExtension()), $validImageExtensions);
 });
@@ -38,12 +43,19 @@ class AppServiceProvider extends ServiceProvider
 return substr_count($uploadName, '.') < 2;
 });
+ Validator::extend('safe_url', function ($attribute, $value, $parameters, $validator) {
+ $cleanLinkName = strtolower(trim($value));
+ $isJs = strpos($cleanLinkName, 'javascript:') === 0;
+ $isData = strpos($cleanLinkName, 'data:') === 0;
+ return !$isJs && !$isData;
+ });
+
 // Custom blade view directives
 Blade::directive('icon', function ($expression) {
 return "";
 });
- Blade::directive('exposeTranslations', function($expression) {
+ Blade::directive('exposeTranslations', function ($expression) {
 return "startPush('translations'); ?>" . "" . '' . "\n" .
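Review bot: The scheme test `strpos($appUrl, 'https://') === 0` inside the new `if ($appUrl)` block is case-sensitive and treats every non-matching value as plain HTTP, so an app URL written as `HTTPS://…`, with leading whitespace, or without a scheme ends up calling `URL::forceScheme('http')` for every generated link. On a site that is actually served over TLS this would presumably downgrade links the application emits, including any it sends by e-mail. Compare the parsed scheme instead, `$isHttps = strtolower((string) parse_url($appUrl, PHP_URL_SCHEME)) === 'https';`, and consider not forcing a scheme at all when none is present rather than defaulting to `http`. `boot()` continues beyond this hunk.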
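Review bot: The new `safe_url` rule is a two-entry denylist applied to a `trim()`med prefix, which is weaker than its name suggests: other script-capable schemes are not listed, and browsers discard some whitespace and control characters while parsing a URL, so a value can pass both `strpos` checks and still be treated as a script URL once it is rendered into a link. An allowlist on the parsed scheme is the more durable check; the set of schemes below is an assumption and should be matched to what the application really needs to link to. Whatever the rule accepts still has to be escaped for the attribute context where it is output, which is outside this hunk, as is the rest of `boot()`.

```php
Validator::extend('safe_url', function ($attribute, $value, $parameters, $validator) {
    // Drop whitespace/control characters before looking for a scheme,
    // since browsers ignore some of them when resolving a URL.
    $candidate = preg_replace('/[\x00-\x20\x7f]+/', '', (string) $value);
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $candidate, $scheme)) {
        return true; // no scheme present: treated as a relative link
    }
    // Assumed allowlist - adjust to the schemes the app must support.
    return in_array(strtolower($scheme[1]), ['http', 'https', 'mailto'], true);
});
```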