Sessions: Prevent image urls being part of session URL history

To prevent them being considered for redirects. Includes test to cover. For #4863
2025-07-28 17:02:04 +03:00 · 2024-02-22 11:22:08 +00:00
parent 055bbf17de
commit a75d5b8bc1
3 changed files with 58 additions and 1 deletions
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@ -28,7 +28,7 @@ class Kernel extends HttpKernel
            \BookStack\Http\Middleware\ApplyCspRules::class,
            \BookStack\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
-            \Illuminate\Session\Middleware\StartSession::class,
+            \BookStack\Http\Middleware\StartSessionExtended::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \BookStack\Http\Middleware\VerifyCsrfToken::class,
            \BookStack\Http\Middleware\CheckEmailConfirmed::class,