Merge branch 'master' into release

Author: ssddanbrown

.env.example

@@ -20,6 +20,8 @@ SESSION_DRIVER=file
 #CACHE_DRIVER=memcached
 #SESSION_DRIVER=memcached
 QUEUE_DRIVER=sync
+# A different prefix is useful when multiple BookStack instances use the same caching server
+CACHE_PREFIX=bookstack
 
 # Memcached settings
 # If using a UNIX socket path for the host, set the port to 0
@@ -73,3 +75,5 @@ MAIL_PORT=1025
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
+MAIL_FROM=null
+MAIL_FROM_NAME=null

app/Book.php

@@ -2,6 +2,7 @@
 
 class Book extends Entity
 {
+    public $searchFactor = 2;
 
     protected $fillable = ['name', 'description', 'image_id'];
 

app/Chapter.php

@@ -2,6 +2,8 @@
 
 class Chapter extends Entity
 {
+    public $searchFactor = 1.3;
+
     protected $fillable = ['name', 'description', 'priority', 'book_id'];
 
     protected $with = ['book'];

app/Entity.php

@@ -5,8 +5,16 @@
 class Entity extends Ownable
 {
 
+    /**
+     * @var string - Name of property where the main text content is found
+     */
     public $textField = 'description';
 
+    /**
+     * @var float - Multiplier for search indexing.
+     */
+    public $searchFactor = 1.0;
+
     /**
      * Compares this entity to another given entity.
      * Matches by comparing class and id.
@@ -193,4 +201,5 @@ public function getUrl($path)
     {
         return '/';
     }
+
 }

app/Http/Controllers/HomeController.php

@@ -2,6 +2,7 @@
 
 use Activity;
 use BookStack\Repos\EntityRepo;
+use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Views;
 
@@ -88,6 +89,27 @@ public function getTranslations()
         ]);
     }
 
+    /**
+     * Get an icon via image request.
+     * Can provide a 'color' parameter with hex value to color the icon.
+     * @param $iconName
+     * @param Request $request
+     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Symfony\Component\HttpFoundation\Response
+     */
+    public function getIcon($iconName, Request $request)
+    {
+        $attrs = [];
+        if ($request->filled('color')) {
+            $attrs['fill'] = '#' . $request->get('color');
+        }
+
+        $icon = icon($iconName, $attrs);
+        return response($icon, 200, [
+            'Content-Type' => 'image/svg+xml',
+            'Cache-Control' => 'max-age=3600',
+        ]);
+    }
+
     /**
      * Get custom head HTML, Used in ajax calls to show in editor.
      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View

app/Http/Controllers/ImageController.php

@@ -136,6 +136,7 @@ public function uploadByType($type, Request $request)
             return response($e->getMessage(), 500);
         }
 
+
         return response()->json($image);
     }
 

app/Http/Controllers/SearchController.php

@@ -40,13 +40,12 @@ public function search(Request $request)
         $nextPageLink = baseUrl('/search?term=' . urlencode($searchTerm) . '&page=' . ($page+1));
 
         $results = $this->searchService->searchEntities($searchTerm, 'all', $page, 20);
-        $hasNextPage = $this->searchService->searchEntities($searchTerm, 'all', $page+1, 20)['count'] > 0;
 
         return view('search/all', [
             'entities'   => $results['results'],
             'totalResults' => $results['total'],
             'searchTerm' => $searchTerm,
-            'hasNextPage' => $hasNextPage,
+            'hasNextPage' => $results['has_more'],
             'nextPageLink' => $nextPageLink
         ]);
     }

app/Repos/EntityRepo.php

@@ -713,6 +713,10 @@ protected function formatHtml($htmlText)
     public function renderPage(Page $page, $ignorePermissions = false)
     {
         $content = $page->html;
+        if (!config('app.allow_content_scripts')) {
+            $content = $this->escapeScripts($content);
+        }
+
         $matches = [];
         preg_match_all("/{{@\s?([0-9].*?)}}/", $content, $matches);
         if (count($matches[0]) === 0) {
@@ -760,6 +764,24 @@ public function renderPage(Page $page, $ignorePermissions = false)
         return $content;
     }
 
+    /**
+     * Escape script tags within HTML content.
+     * @param string $html
+     * @return mixed
+     */
+    protected function escapeScripts(string $html)
+    {
+        $scriptSearchRegex = '/<script.*?>.*?<\/script>/ms';
+        $matches = [];
+        preg_match_all($scriptSearchRegex, $html, $matches);
+        if (count($matches) === 0) return $html;
+
+        foreach ($matches[0] as $match) {
+            $html = str_replace($match, htmlentities($match), $html);
+        }
+        return $html;
+    }
+
     /**
      * Get the plain text version of a page's content.
      * @param Page $page

app/Repos/ImageRepo.php

@@ -225,7 +225,6 @@ public function getThumbnail(Image $image, $width = 220, $height = 220, $keepRat
         try {
             return $this->imageService->getThumbnail($image, $width, $height, $keepRatio);
         } catch (\Exception $exception) {
-            dd($exception);
             return null;
         }
     }

app/Services/AttachmentService.php

@@ -14,20 +14,14 @@ class AttachmentService extends UploadService
      */
     protected function getStorage()
     {
-        if ($this->storageInstance !== null) {
-            return $this->storageInstance;
-        }
-
         $storageType = config('filesystems.default');
 
         // Override default location if set to local public to ensure not visible.
         if ($storageType === 'local') {
             $storageType = 'local_secure';
         }
 
-        $this->storageInstance = $this->fileSystem->disk($storageType);
-
-        return $this->storageInstance;
+        return $this->fileSystem->disk($storageType);
     }
 
     /**