webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-28 17:02:04 +03:00
Code Activity

Merge branch 'v0.26'

Browse Source
This commit is contained in:
Dan Brown
2019-08-06 21:50:56 +01:00
parent 0b1ece664d f417675b1d
commit 421dd93ffd
9 changed files with 89 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/Entities/Repos/EntityRepo.php
View File

@ -765,6 +765,12 @@ class EntityRepo
$scriptElem->parentNode->removeChild($scriptElem);
}
// Remove data or JavaScript iFrames
$badIframes = $xPath->query('//*[contains(@src, \'data:\')] | //*[contains(@src, \'javascript:\')]');
foreach ($badIframes as $badIframe) {
$badIframe->parentNode->removeChild($badIframe);
}
// Remove 'on*' attributes
$onAttributes = $xPath->query('//@*[starts-with(name(), \'on\')]');
foreach ($onAttributes as $attr) {

7
app/Http/Controllers/UserController.php
View File

@ -146,7 +146,12 @@ class UserController extends Controller
]);
$user = $this->userRepo->getById($id);
$user->fill($request->all());
$user->fill($request->except(['email']));
// Email updates
if (userCan('users-manage') && $request->filled('email')) {
$user->email = $request->get('email');
}
// Role updates
if (userCan('users-manage') && $request->filled('roles')) {