webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-12-04 05:22:38 +03:00
Code Activity

Sessions: Ignored extra meta/dist content in history tracking

Browse Source 
For #5925
Added tests to cover.
Extracted existing test to place with similiar sessions tests
This commit is contained in:
Dan Brown
2025-12-03 14:10:09 +00:00
parent 2fde803c76
commit 65f7b61c1f
3 changed files with 57 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/Http/Middleware/StartSessionExtended.php
View File

@@ -14,7 +14,10 @@ use Illuminate\Session\Middleware\StartSession as Middleware;
class StartSessionExtended extends Middleware class StartSessionExtended extends Middleware
{ {
protected static array $pathPrefixesExcludedFromHistory = [ protected static array $pathPrefixesExcludedFromHistory = [
'uploads/images/' 'uploads/images/',
'dist/',
'manifest.json',
'opensearch.xml',
]; ];
/** /**

53
tests/SessionTest.php Normal file
View File

@@ -0,0 +1,53 @@
<?php
namespace Tests;
class SessionTest extends TestCase
{
public function test_secure_images_not_tracked_in_session_history()
{
config()->set('filesystems.images', 'local_secure');
$this->asEditor();
$page = $this->entities->page();
$result = $this->files->uploadGalleryImageToPage($this, $page);
$expectedPath = storage_path($result['path']);
$this->assertFileExists($expectedPath);
$this->get('/books');
$this->assertEquals(url('/books'), session()->previousUrl());
$resp = $this->get($result['path']);
$resp->assertOk();
$resp->assertHeader('Content-Type', 'image/png');
$this->assertEquals(url('/books'), session()->previousUrl());
if (file_exists($expectedPath)) {
unlink($expectedPath);
}
}
public function test_pwa_manifest_is_not_tracked_in_session_history()
{
$this->asEditor()->get('/books');
$this->get('/manifest.json');
$this->assertEquals(url('/books'), session()->previousUrl());
}
public function test_dist_dir_access_is_not_tracked_in_session_history()
{
$this->asEditor()->get('/books');
$this->get('/dist/sub/hello.txt');
$this->assertEquals(url('/books'), session()->previousUrl());
}
public function test_opensearch_is_not_tracked_in_session_history()
{
$this->asEditor()->get('/books');
$this->get('/opensearch.xml');
$this->assertEquals(url('/books'), session()->previousUrl());
}
}

23
tests/Uploads/ImageTest.php
View File

@@ -429,29 +429,6 @@ class ImageTest extends TestCase
} }
} }
public function test_secure_images_not_tracked_in_session_history()
{
config()->set('filesystems.images', 'local_secure');
$this->asEditor();
$page = $this->entities->page();
$result = $this->files->uploadGalleryImageToPage($this, $page);
$expectedPath = storage_path($result['path']);
$this->assertFileExists($expectedPath);
$this->get('/books');
$this->assertEquals(url('/books'), session()->previousUrl());
$resp = $this->get($result['path']);
$resp->assertOk();
$resp->assertHeader('Content-Type', 'image/png');
$this->assertEquals(url('/books'), session()->previousUrl());
if (file_exists($expectedPath)) {
unlink($expectedPath);
}
}
public function test_system_images_remain_public_with_local_secure_restricted() public function test_system_images_remain_public_with_local_secure_restricted()
{ {
config()->set('filesystems.images', 'local_secure_restricted'); config()->set('filesystems.images', 'local_secure_restricted');