webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-30 04:23:11 +03:00
Code Activity

Added untrusted server fetching control

Browse Source 
WKHTMLtoPDF provides limited control for external fetching
so that will now be disabled by default unless
ALLOW_UNTRUSTED_SERVER_FETCHING=true is specifically set.
This new option will also control DOMPDF fetching.
This commit is contained in:
Dan Brown
2021-08-31 20:22:42 +01:00
parent 8f12c8bc99
commit bee5e2c7ca
7 changed files with 52 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
tests/Entity/ExportTest.php
View File

@ -366,4 +366,20 @@ class ExportTest extends TestCase
$this->assertPermissionError($resp);
}
}
public function test_wkhtmltopdf_only_used_when_allow_untrusted_is_true()
{
/** @var Page $page */
$page = Page::query()->first();
config()->set('snappy.pdf.binary', '/abc123');
config()->set('app.allow_untrusted_server_fetching', false);
$resp = $this->asEditor()->get($page->getUrl('/export/pdf'));
$resp->assertStatus(200); // Sucessful response with invalid snappy binary indicates dompdf usage.
config()->set('app.allow_untrusted_server_fetching', true);
$resp = $this->get($page->getUrl('/export/pdf'));
$resp->assertStatus(500); // Bad response indicates wkhtml usage
}
}

6
tests/Unit/ConfigTest.php
View File

@ -76,6 +76,12 @@ class ConfigTest extends TestCase
);
}
public function test_dompdf_remote_fetching_controlled_by_allow_untrusted_server_fetching_false()
{
$this->checkEnvConfigResult('ALLOW_UNTRUSTED_SERVER_FETCHING', 'false', 'dompdf.defines.enable_remote', false);
$this->checkEnvConfigResult('ALLOW_UNTRUSTED_SERVER_FETCHING', 'true', 'dompdf.defines.enable_remote', true);
}
/**
* Set an environment variable of the given name and value
* then check the given config key to see if it matches the given result.