Commit graph

542 commits

Author SHA1 Message Date
Jeremy Benoist
f1b3d5cdd7
Fix CSRF on user deletion 2023-02-07 21:41:52 +01:00
Jeremy Benoist
b795622f06
Prepare 2.5.3 2023-02-01 09:51:02 +01:00
Jérémy Benoist
5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
Kevin Decherf
3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Kevin Decherf
0fdd9aa991 ExportController: fix improper authorization vulnerability
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
Jeremy Benoist
ea189503de
Fix tests 2023-01-16 10:21:37 +01:00
Jeremy Benoist
dc28d7ea0f
Add support to download SVG locally 2022-10-18 11:14:45 +02:00
Jeremy Benoist
d4b0b62bb5
Fix unrelated failing test
LExpansion is down ATM.
Use a website which isn't down randomly.
2022-10-17 21:49:03 +02:00
Jeremy Benoist
7b150dcd26
Add tests 2022-10-17 21:37:08 +02:00
Jeremy Benoist
53574f05d5
Fix random failing tests
Looks like `20minutos.es` sometimes does not return the expected language.
Switching to `elpais.com` fix the problem.
2022-10-10 09:15:26 +02:00
JT Smith
6da76ffaae Typofixes 2022-10-03 18:31:43 -06:00
Jeremy Benoist
812b4a906f
Add nbEntries to the API tags list response
So client will be able to do the same as in the web UI.

Also remove empty `div` from the tags template.
2022-09-23 15:16:38 +02:00
Jeremy Benoist
cd4105bbe9
Fix tests 2022-08-22 19:57:57 +02:00
Jeremy Benoist
37019b5ad5
Fix tests 2022-05-13 14:15:19 +02:00
Jeremy Benoist
4947ea6758
Merge remote-tracking branch 'origin/master' into 2.5.0 2022-05-13 13:50:50 +02:00
Jérémy Benoist
ebfbdb4519
Merge pull request #5381 from wallabag/tag-search-results 2022-05-13 07:09:18 +02:00
Jeremy Benoist
9f6414785c
Fix tests 2022-04-20 23:13:17 +02:00
Nicolas Lœuillet
5077c46e4e
Added action to tag search results 2022-04-20 22:57:25 +02:00
Jeremy Benoist
a885f5043a
Update tests 2022-04-20 22:14:56 +02:00
Nicolas Lœuillet
33b1c252a7
fixed review 2022-04-20 22:12:49 +02:00
Nicolas Lœuillet
aaa03cc395
Added serialization group 2022-04-20 22:12:49 +02:00
Nicolas Lœuillet
bb12538fab
Added new endpoint for API: config 2022-04-20 22:12:49 +02:00
Kevin Decherf
8f2fefe233
Merge pull request #5680 from wallabag/impr/intl
Replace `iconv()` calls with Transliterator
2022-03-21 22:28:49 +01:00
Kevin Decherf
1608bf5a4e Replace iconv() calls with Transliterator
See https://stackoverflow.com/a/35178027/954513

Closes #5377

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2022-03-21 22:12:11 +01:00
Jeremy Benoist
0049ef390b
Add some basic test 2022-03-21 21:29:30 +01:00
Jeremy Benoist
3a918cf30e
Fix test with usinenouvelle.com being flaky these times
Replace it with a more robust website 🤩
2022-03-21 20:43:29 +01:00
Jérémy Benoist
eb99cacf43
Merge pull request #5664 from Simounet/feat/home-entries-updated 2022-03-15 09:34:00 +01:00
Adrien Gallou
29df8ed590
this change adds an option to sort the feed entires by updated_at
There is now an option to sort the feed entires by updated_at, on the
controler : a sort querystring argument that accepts either "created"
or "updated".
2022-03-14 22:58:45 +01:00
Simounet
85e91f9e67
CSS grid used for bloc mode entries and flex for card bloc 2022-03-14 22:09:07 +01:00
Jeremy Benoist
7ec0c9f844
Fix tests 2022-03-02 20:12:08 +01:00
Nicolas Lœuillet
cd975c5f13
Added annotated filter 2022-03-02 20:07:44 +01:00
Nicolas Lœuillet
6dfc031839
Enhanced tests and changed route 2022-03-02 20:07:43 +01:00
Nicolas Lœuillet
0aeaf0e8c2
Added tests 2022-03-02 20:07:17 +01:00
Jeremy Benoist
9a6146d2ef
Merge remote-tracking branch 'origin/master' into 2.5.0 2022-03-02 20:03:33 +01:00
Jeremy Benoist
10d071a4f2
Fix tests 2022-03-02 19:28:48 +01:00
Jeremy Benoist
5c4993832e
Fix tagging rule match when user a custom reading speed
By default, we assume the reading speed is 200 word per minute (WPM) when we save an entry.
User can change that value in the config and the rendering is properly performed with the user reading speed.
BUT, when the matching rule is applied, it uses the default reading time defined in the entry without applying the custom reading speed of the user.
This should fix that bug.

Also update the `wallabag:tag:all` to fix the bug when tagging all entries.
2022-03-02 19:12:33 +01:00
Jeremy Benoist
2b3ff84829
Avoid overlapping images when downloading them 2022-02-07 15:19:49 +01:00
Jeremy Benoist
3c507d676f
Add build test on PHP 8.0 & 8.1
Add `isTransactional` to `WallabagMigration` because PHP 8 behave differently with PDO transaction.
This is a workaround because we can't upgrade Doctrine Migration for now (upper versions have the fix).

- Build is now using Composer v2 (instead of v1)
- All actions have been updated to latest version
- Fix bug in PHP 8 were `$entry->getTags()` can't be properly used as a _traversable_ by `assertContains` during tests. Added a custom method `Entry::getTagsLabel()` which return a flatted tag array with only label
- Replace `assertNotRegExp` by `assertDoesNotMatchRegularExpression` because it was deprecated
2022-01-31 12:59:39 +01:00
Jeremy Benoist
283675ccd0
Rebuild assets and update webpack config
And optimize images (Thanks ImageOptim)
2022-01-05 16:09:43 +01:00
Jeremy Benoist
0afd91a160
Remove dead test
The URL seems to be down now.
Move to a more frequent deps update
2022-01-05 13:25:50 +01:00
Nicolas Lœuillet
c34fe9945a Fixed test 2021-08-03 08:36:56 +02:00
Nicolas Lœuillet
609193cf59 Fixed unavailable russian website in test 2021-08-03 07:56:14 +02:00
Simounet
6324d30db2
Fix PHPUnit deprecated warning 2021-04-14 13:07:46 +02:00
Simounet
e491052b0d
Fix 404 on real content test URL 2021-04-14 13:07:34 +02:00
Jeremy Benoist
7ca833bccb
Fix tests 2021-03-18 11:44:57 +01:00
Kevin Decherf
7acd207054 Convert tag label to lowercase in RuleBasedTagger
Fixes #4266

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2021-03-06 19:46:24 +01:00
Jeremy Benoist
38902a2f04
Fix test 2021-02-08 09:57:10 +01:00
Jeremy Benoist
a962a3ab13
CS 2021-02-08 09:56:25 +01:00
Jeremy Benoist
dd9d6a4c64
Add Delicious import
Since 2021, you can export again your data \o/

Also fix indentation in json fixtures files.
2021-02-08 09:47:56 +01:00
Nicolas Lœuillet
890c7d0bfa
Added button to show entries with the same domain 2021-02-08 09:45:38 +01:00