mirror of
https://github.com/wallabag/wallabag.git
synced 2024-10-31 22:28:54 +00:00
commit
8954100779
5 changed files with 60 additions and 46 deletions
10
CHANGELOG.md
10
CHANGELOG.md
|
@ -1,5 +1,15 @@
|
||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## [2.5.3](https://github.com/wallabag/wallabag/tree/2.5.3)
|
||||||
|
[Full Changelog](https://github.com/wallabag/wallabag/compare/2.5.2...2.5.3)
|
||||||
|
|
||||||
|
### Security fixes
|
||||||
|
* Fix GHSA-qwx8-mxxx-mg96 https://github.com/wallabag/wallabag/commit/0f7460dbab9e29f4f7d2944aca20210f828b6abb by @Kdecherf, thanks to @bAuh0lz
|
||||||
|
* Fix GHSA-mrqx-mjc4-vfh3 https://github.com/wallabag/wallabag/commit/5ac6b6bff9e2e3a87fd88c2904ff3c6aac40722e by @Kdecherf, thanks to @bAuh0lz
|
||||||
|
|
||||||
|
### Meta
|
||||||
|
* Update deps before 2.5.3 by @j0k3r in https://github.com/wallabag/wallabag/pull/6241
|
||||||
|
|
||||||
## [2.5.2](https://github.com/wallabag/wallabag/tree/2.5.2)
|
## [2.5.2](https://github.com/wallabag/wallabag/tree/2.5.2)
|
||||||
[Full Changelog](https://github.com/wallabag/wallabag/compare/2.5.1...2.5.2)
|
[Full Changelog](https://github.com/wallabag/wallabag/compare/2.5.1...2.5.2)
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
wallabag_core:
|
wallabag_core:
|
||||||
version: 2.5.2
|
version: 2.5.3
|
||||||
paypal_url: "https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=9UBA65LG3FX9Y&lc=gb"
|
paypal_url: "https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=9UBA65LG3FX9Y&lc=gb"
|
||||||
languages:
|
languages:
|
||||||
en: 'English'
|
en: 'English'
|
||||||
|
|
75
composer.lock
generated
75
composer.lock
generated
|
@ -4494,16 +4494,16 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "j0k3r/graby-site-config",
|
"name": "j0k3r/graby-site-config",
|
||||||
"version": "1.0.161",
|
"version": "1.0.163",
|
||||||
"source": {
|
"source": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/j0k3r/graby-site-config.git",
|
"url": "https://github.com/j0k3r/graby-site-config.git",
|
||||||
"reference": "6db784d023232ca71d06cbfd62a258e1df9514ef"
|
"reference": "5d34c016c9928cba556fc26867e769c4cf82b538"
|
||||||
},
|
},
|
||||||
"dist": {
|
"dist": {
|
||||||
"type": "zip",
|
"type": "zip",
|
||||||
"url": "https://api.github.com/repos/j0k3r/graby-site-config/zipball/6db784d023232ca71d06cbfd62a258e1df9514ef",
|
"url": "https://api.github.com/repos/j0k3r/graby-site-config/zipball/5d34c016c9928cba556fc26867e769c4cf82b538",
|
||||||
"reference": "6db784d023232ca71d06cbfd62a258e1df9514ef",
|
"reference": "5d34c016c9928cba556fc26867e769c4cf82b538",
|
||||||
"shasum": ""
|
"shasum": ""
|
||||||
},
|
},
|
||||||
"require": {
|
"require": {
|
||||||
|
@ -4532,9 +4532,9 @@
|
||||||
"description": "Graby site config files",
|
"description": "Graby site config files",
|
||||||
"support": {
|
"support": {
|
||||||
"issues": "https://github.com/j0k3r/graby-site-config/issues",
|
"issues": "https://github.com/j0k3r/graby-site-config/issues",
|
||||||
"source": "https://github.com/j0k3r/graby-site-config/tree/1.0.161"
|
"source": "https://github.com/j0k3r/graby-site-config/tree/1.0.163"
|
||||||
},
|
},
|
||||||
"time": "2023-01-01T02:28:19+00:00"
|
"time": "2023-02-01T02:29:05+00:00"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "j0k3r/httplug-ssrf-plugin",
|
"name": "j0k3r/httplug-ssrf-plugin",
|
||||||
|
@ -7510,16 +7510,16 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "phpstan/phpdoc-parser",
|
"name": "phpstan/phpdoc-parser",
|
||||||
"version": "1.15.3",
|
"version": "1.16.0",
|
||||||
"source": {
|
"source": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/phpstan/phpdoc-parser.git",
|
"url": "https://github.com/phpstan/phpdoc-parser.git",
|
||||||
"reference": "61800f71a5526081d1b5633766aa88341f1ade76"
|
"reference": "57090cfccbfaa639e703c007486d605a6e80f56d"
|
||||||
},
|
},
|
||||||
"dist": {
|
"dist": {
|
||||||
"type": "zip",
|
"type": "zip",
|
||||||
"url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/61800f71a5526081d1b5633766aa88341f1ade76",
|
"url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/57090cfccbfaa639e703c007486d605a6e80f56d",
|
||||||
"reference": "61800f71a5526081d1b5633766aa88341f1ade76",
|
"reference": "57090cfccbfaa639e703c007486d605a6e80f56d",
|
||||||
"shasum": ""
|
"shasum": ""
|
||||||
},
|
},
|
||||||
"require": {
|
"require": {
|
||||||
|
@ -7549,9 +7549,9 @@
|
||||||
"description": "PHPDoc parser with support for nullable, intersection and generic types",
|
"description": "PHPDoc parser with support for nullable, intersection and generic types",
|
||||||
"support": {
|
"support": {
|
||||||
"issues": "https://github.com/phpstan/phpdoc-parser/issues",
|
"issues": "https://github.com/phpstan/phpdoc-parser/issues",
|
||||||
"source": "https://github.com/phpstan/phpdoc-parser/tree/1.15.3"
|
"source": "https://github.com/phpstan/phpdoc-parser/tree/1.16.0"
|
||||||
},
|
},
|
||||||
"time": "2022-12-20T20:56:55+00:00"
|
"time": "2023-01-29T14:41:23+00:00"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "phpzip/phpzip",
|
"name": "phpzip/phpzip",
|
||||||
|
@ -8868,26 +8868,27 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "simplepie/simplepie",
|
"name": "simplepie/simplepie",
|
||||||
"version": "1.7.0",
|
"version": "1.8.0",
|
||||||
"source": {
|
"source": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/simplepie/simplepie.git",
|
"url": "https://github.com/simplepie/simplepie.git",
|
||||||
"reference": "9e9add3428ce86aede874bcf9a59c78e272f8dc1"
|
"reference": "65b095d87bc00898d8fa7737bdbcda93a3fbcc55"
|
||||||
},
|
},
|
||||||
"dist": {
|
"dist": {
|
||||||
"type": "zip",
|
"type": "zip",
|
||||||
"url": "https://api.github.com/repos/simplepie/simplepie/zipball/9e9add3428ce86aede874bcf9a59c78e272f8dc1",
|
"url": "https://api.github.com/repos/simplepie/simplepie/zipball/65b095d87bc00898d8fa7737bdbcda93a3fbcc55",
|
||||||
"reference": "9e9add3428ce86aede874bcf9a59c78e272f8dc1",
|
"reference": "65b095d87bc00898d8fa7737bdbcda93a3fbcc55",
|
||||||
"shasum": ""
|
"shasum": ""
|
||||||
},
|
},
|
||||||
"require": {
|
"require": {
|
||||||
"ext-pcre": "*",
|
"ext-pcre": "*",
|
||||||
"ext-xml": "*",
|
"ext-xml": "*",
|
||||||
"ext-xmlreader": "*",
|
"ext-xmlreader": "*",
|
||||||
"php": ">=5.6.0"
|
"php": ">=7.2.0"
|
||||||
},
|
},
|
||||||
"require-dev": {
|
"require-dev": {
|
||||||
"friendsofphp/php-cs-fixer": "^2.19 || ^3.8",
|
"friendsofphp/php-cs-fixer": "^2.19 || ^3.8",
|
||||||
|
"psr/simple-cache": "^1 || ^2 || ^3",
|
||||||
"yoast/phpunit-polyfills": "^1.0.1"
|
"yoast/phpunit-polyfills": "^1.0.1"
|
||||||
},
|
},
|
||||||
"suggest": {
|
"suggest": {
|
||||||
|
@ -8937,9 +8938,9 @@
|
||||||
],
|
],
|
||||||
"support": {
|
"support": {
|
||||||
"issues": "https://github.com/simplepie/simplepie/issues",
|
"issues": "https://github.com/simplepie/simplepie/issues",
|
||||||
"source": "https://github.com/simplepie/simplepie/tree/1.7.0"
|
"source": "https://github.com/simplepie/simplepie/tree/1.8.0"
|
||||||
},
|
},
|
||||||
"time": "2022-09-30T06:49:48+00:00"
|
"time": "2023-01-20T08:37:35+00:00"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "smalot/pdfparser",
|
"name": "smalot/pdfparser",
|
||||||
|
@ -9280,16 +9281,16 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "symfony/http-client",
|
"name": "symfony/http-client",
|
||||||
"version": "v5.4.17",
|
"version": "v5.4.20",
|
||||||
"source": {
|
"source": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/symfony/http-client.git",
|
"url": "https://github.com/symfony/http-client.git",
|
||||||
"reference": "772129f800fc0bfaa6bd40c40934d544f0957d30"
|
"reference": "b4d936b657c7952a41e89efd0ddcea51f8c90f34"
|
||||||
},
|
},
|
||||||
"dist": {
|
"dist": {
|
||||||
"type": "zip",
|
"type": "zip",
|
||||||
"url": "https://api.github.com/repos/symfony/http-client/zipball/772129f800fc0bfaa6bd40c40934d544f0957d30",
|
"url": "https://api.github.com/repos/symfony/http-client/zipball/b4d936b657c7952a41e89efd0ddcea51f8c90f34",
|
||||||
"reference": "772129f800fc0bfaa6bd40c40934d544f0957d30",
|
"reference": "b4d936b657c7952a41e89efd0ddcea51f8c90f34",
|
||||||
"shasum": ""
|
"shasum": ""
|
||||||
},
|
},
|
||||||
"require": {
|
"require": {
|
||||||
|
@ -9347,7 +9348,7 @@
|
||||||
"description": "Provides powerful methods to fetch HTTP resources synchronously or asynchronously",
|
"description": "Provides powerful methods to fetch HTTP resources synchronously or asynchronously",
|
||||||
"homepage": "https://symfony.com",
|
"homepage": "https://symfony.com",
|
||||||
"support": {
|
"support": {
|
||||||
"source": "https://github.com/symfony/http-client/tree/v5.4.17"
|
"source": "https://github.com/symfony/http-client/tree/v5.4.20"
|
||||||
},
|
},
|
||||||
"funding": [
|
"funding": [
|
||||||
{
|
{
|
||||||
|
@ -9363,7 +9364,7 @@
|
||||||
"type": "tidelift"
|
"type": "tidelift"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"time": "2022-12-13T11:07:37+00:00"
|
"time": "2023-01-25T18:32:18+00:00"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "symfony/http-client-contracts",
|
"name": "symfony/http-client-contracts",
|
||||||
|
@ -12390,16 +12391,16 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "nikic/php-parser",
|
"name": "nikic/php-parser",
|
||||||
"version": "v4.15.2",
|
"version": "v4.15.3",
|
||||||
"source": {
|
"source": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/nikic/PHP-Parser.git",
|
"url": "https://github.com/nikic/PHP-Parser.git",
|
||||||
"reference": "f59bbe44bf7d96f24f3e2b4ddc21cd52c1d2adbc"
|
"reference": "570e980a201d8ed0236b0a62ddf2c9cbb2034039"
|
||||||
},
|
},
|
||||||
"dist": {
|
"dist": {
|
||||||
"type": "zip",
|
"type": "zip",
|
||||||
"url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/f59bbe44bf7d96f24f3e2b4ddc21cd52c1d2adbc",
|
"url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/570e980a201d8ed0236b0a62ddf2c9cbb2034039",
|
||||||
"reference": "f59bbe44bf7d96f24f3e2b4ddc21cd52c1d2adbc",
|
"reference": "570e980a201d8ed0236b0a62ddf2c9cbb2034039",
|
||||||
"shasum": ""
|
"shasum": ""
|
||||||
},
|
},
|
||||||
"require": {
|
"require": {
|
||||||
|
@ -12440,9 +12441,9 @@
|
||||||
],
|
],
|
||||||
"support": {
|
"support": {
|
||||||
"issues": "https://github.com/nikic/PHP-Parser/issues",
|
"issues": "https://github.com/nikic/PHP-Parser/issues",
|
||||||
"source": "https://github.com/nikic/PHP-Parser/tree/v4.15.2"
|
"source": "https://github.com/nikic/PHP-Parser/tree/v4.15.3"
|
||||||
},
|
},
|
||||||
"time": "2022-11-12T15:38:23+00:00"
|
"time": "2023-01-16T22:05:37+00:00"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "php-cs-fixer/diff",
|
"name": "php-cs-fixer/diff",
|
||||||
|
@ -12954,16 +12955,16 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "symfony/phpunit-bridge",
|
"name": "symfony/phpunit-bridge",
|
||||||
"version": "v6.2.3",
|
"version": "v6.2.5",
|
||||||
"source": {
|
"source": {
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/symfony/phpunit-bridge.git",
|
"url": "https://github.com/symfony/phpunit-bridge.git",
|
||||||
"reference": "3766b8269d3bac5c214a04ebd6870e71e52bcb60"
|
"reference": "d759e5372de414bef53a688c7aa7e240e4fd8aa2"
|
||||||
},
|
},
|
||||||
"dist": {
|
"dist": {
|
||||||
"type": "zip",
|
"type": "zip",
|
||||||
"url": "https://api.github.com/repos/symfony/phpunit-bridge/zipball/3766b8269d3bac5c214a04ebd6870e71e52bcb60",
|
"url": "https://api.github.com/repos/symfony/phpunit-bridge/zipball/d759e5372de414bef53a688c7aa7e240e4fd8aa2",
|
||||||
"reference": "3766b8269d3bac5c214a04ebd6870e71e52bcb60",
|
"reference": "d759e5372de414bef53a688c7aa7e240e4fd8aa2",
|
||||||
"shasum": ""
|
"shasum": ""
|
||||||
},
|
},
|
||||||
"require": {
|
"require": {
|
||||||
|
@ -13017,7 +13018,7 @@
|
||||||
"description": "Provides utilities for PHPUnit, especially user deprecation notices management",
|
"description": "Provides utilities for PHPUnit, especially user deprecation notices management",
|
||||||
"homepage": "https://symfony.com",
|
"homepage": "https://symfony.com",
|
||||||
"support": {
|
"support": {
|
||||||
"source": "https://github.com/symfony/phpunit-bridge/tree/v6.2.3"
|
"source": "https://github.com/symfony/phpunit-bridge/tree/v6.2.5"
|
||||||
},
|
},
|
||||||
"funding": [
|
"funding": [
|
||||||
{
|
{
|
||||||
|
@ -13033,7 +13034,7 @@
|
||||||
"type": "tidelift"
|
"type": "tidelift"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"time": "2022-12-28T14:26:22+00:00"
|
"time": "2023-01-01T08:38:09+00:00"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"aliases": [],
|
"aliases": [],
|
||||||
|
|
|
@ -25,17 +25,17 @@ class ExportController extends Controller
|
||||||
*
|
*
|
||||||
* @return \Symfony\Component\HttpFoundation\Response
|
* @return \Symfony\Component\HttpFoundation\Response
|
||||||
*/
|
*/
|
||||||
public function downloadEntryAction(Request $request, $format)
|
public function downloadEntryAction(Request $request, $format, $id)
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
$entry = $this->get('wallabag_core.entry_repository')
|
$entry = $this->get('wallabag_core.entry_repository')
|
||||||
->find((int) $request->query->get('id'));
|
->find((int) $id);
|
||||||
|
|
||||||
/**
|
/*
|
||||||
* We duplicate EntryController::checkUserAction here as a quick fix for an improper authorization vulnerability
|
* We duplicate EntryController::checkUserAction here as a quick fix for an improper authorization vulnerability
|
||||||
*
|
*
|
||||||
* This should be eventually rewritten
|
* This should be eventually rewritten
|
||||||
*/
|
*/
|
||||||
if (null === $entry || null === $this->getUser() || $this->getUser()->getId() !== $entry->getUser()->getId()) {
|
if (null === $entry || null === $this->getUser() || $this->getUser()->getId() !== $entry->getUser()->getId()) {
|
||||||
throw new NotFoundHttpException();
|
throw new NotFoundHttpException();
|
||||||
}
|
}
|
||||||
|
|
|
@ -72,9 +72,12 @@ class ExportControllerTest extends WallabagCoreTestCase
|
||||||
$this->logInAs('admin');
|
$this->logInAs('admin');
|
||||||
$client = $this->getClient();
|
$client = $this->getClient();
|
||||||
|
|
||||||
// Entry with id 3 is owned by the user bob
|
$content = $client->getContainer()
|
||||||
// See EntryFixtures
|
->get('doctrine.orm.entity_manager')
|
||||||
$client->request('GET', '/export/3.mobi');
|
->getRepository('WallabagCoreBundle:Entry')
|
||||||
|
->findOneByUsernameAndNotArchived('bob');
|
||||||
|
|
||||||
|
$client->request('GET', '/export/' . $content->getId() . '.mobi');
|
||||||
|
|
||||||
$this->assertSame(404, $client->getResponse()->getStatusCode());
|
$this->assertSame(404, $client->getResponse()->getStatusCode());
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue