webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-08-06 12:02:45 +03:00
Code Activity

Sessions: Prevent image urls being part of session URL history

Browse Source 
To prevent them being considered for redirects.
Includes test to cover.
For #4863
This commit is contained in:
Dan Brown
2024-02-22 11:22:08 +00:00
parent 055bbf17de
commit a75d5b8bc1
3 changed files with 58 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
tests/Uploads/ImageTest.php
View File

@@ -383,6 +383,29 @@ class ImageTest extends TestCase
}
}
public function test_secure_images_not_tracked_in_session_history()
{
config()->set('filesystems.images', 'local_secure');
$this->asEditor();
$page = $this->entities->page();
$result = $this->files->uploadGalleryImageToPage($this, $page);
$expectedPath = storage_path($result['path']);
$this->assertFileExists($expectedPath);
$this->get('/books');
$this->assertEquals(url('/books'), session()->previousUrl());
$resp = $this->get($result['path']);
$resp->assertOk();
$resp->assertHeader('Content-Type', 'image/png');
$this->assertEquals(url('/books'), session()->previousUrl());
if (file_exists($expectedPath)) {
unlink($expectedPath);
}
}
public function test_system_images_remain_public_with_local_secure_restricted()
{
config()->set('filesystems.images', 'local_secure_restricted');