Fixes minor vulnerability when using target="_blank" on links (RSPEC-5148)

[bookstack] / app / Http / Controllers / Controller.php

diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php
index 3ac1392496ad0630fa550cf9a608b6d596229f52..034dfa524192013b4766880ebb878176ef95d496 100644 (file)
--- a/app/Http/Controllers/Controller.php
+++ b/app/Http/Controllers/Controller.php
@@ -4,7 +4,8 @@ namespace BookStack\Http\Controllers;
 
 use BookStack\Facades\Activity;
 use BookStack\Interfaces\Loggable;
-use BookStack\Ownable;
+use BookStack\HasCreatorAndUpdater;
+use BookStack\Model;
 use Illuminate\Foundation\Bus\DispatchesJobs;
 use Illuminate\Foundation\Validation\ValidatesRequests;
 use Illuminate\Http\Exceptions\HttpResponseException;
@@ -16,11 +17,6 @@ abstract class Controller extends BaseController
 {
     use DispatchesJobs, ValidatesRequests;
 
-    public function __construct()
-    {
-        //
-    }
-
     /**
      * Check if the current user is signed in.
      */
@@ -77,7 +73,7 @@ abstract class Controller extends BaseController
     /**
      * Check the current user's permissions against an ownable item otherwise throw an exception.
      */
-    protected function checkOwnablePermission(string $permission, Ownable $ownable): void
+    protected function checkOwnablePermission(string $permission, Model $ownable): void
     {
         if (!userCan($permission, $ownable)) {
             $this->showPermissionError();
@@ -163,6 +159,6 @@ abstract class Controller extends BaseController
      */
     protected function getImageValidationRules(): string
     {
-        return 'image_extension|no_double_extension|mimes:jpeg,png,gif,webp';
+        return 'image_extension|mimes:jpeg,png,gif,webp';
     }
 }