Commit graph

7962 commits

Author SHA1 Message Date
Jeremy Benoist 242e3feac9
Fix adding tag to entries from other people
I've also limited tag length to 20 chars (and limit adding more than 5 tags at once)
2023-02-07 21:25:57 +01:00
Jeremy Benoist bd4c71682e
Fix XSS on username on share page 2023-02-07 19:58:06 +01:00
Jérémy Benoist ebb39759ff
Merge pull request #6286 from wallabag/dependabot/composer/phpstan/phpstan-symfony-1.2.23 2023-02-07 05:35:17 +01:00
dependabot[bot] 647d628853
Bump phpstan/phpstan-symfony from 1.2.22 to 1.2.23
Bumps [phpstan/phpstan-symfony](https://github.com/phpstan/phpstan-symfony) from 1.2.22 to 1.2.23.
- [Release notes](https://github.com/phpstan/phpstan-symfony/releases)
- [Commits](https://github.com/phpstan/phpstan-symfony/compare/1.2.22...1.2.23)

---
updated-dependencies:
- dependency-name: phpstan/phpstan-symfony
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-07 03:03:29 +00:00
Jérémy Benoist 784bc1393c
Merge pull request #6275 from wallabag/2.x/fix-release-script
Fix release script
2023-02-06 10:13:57 +01:00
Jérémy Benoist b134c76ed7
Merge pull request #6278 from wallabag/dependabot/npm_and_yarn/eslint-webpack-plugin-4.0.0 2023-02-06 07:15:10 +01:00
dependabot[bot] 302ae4ec57
Bump eslint-webpack-plugin from 3.2.0 to 4.0.0
Bumps [eslint-webpack-plugin](https://github.com/webpack-contrib/eslint-webpack-plugin) from 3.2.0 to 4.0.0.
- [Release notes](https://github.com/webpack-contrib/eslint-webpack-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/eslint-webpack-plugin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/eslint-webpack-plugin/compare/v3.2.0...v4.0.0)

---
updated-dependencies:
- dependency-name: eslint-webpack-plugin
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 06:06:27 +00:00
Jérémy Benoist 9bf6986e67
Merge pull request #6279 from wallabag/dependabot/composer/jms/serializer-3.22.0 2023-02-06 07:03:33 +01:00
Jérémy Benoist 30bea857f0
Merge pull request #6280 from wallabag/dependabot/npm_and_yarn/stylelint-webpack-plugin-4.0.0 2023-02-06 07:03:16 +01:00
Jérémy Benoist 363dd2ddbb
Merge pull request #6282 from wallabag/dependabot/composer/doctrine/persistence-3.1.4 2023-02-06 07:02:56 +01:00
Jérémy Benoist b945e04be8
Merge pull request #6283 from wallabag/dependabot/composer/jms/serializer-bundle-5.2.1 2023-02-06 07:02:36 +01:00
github-actions[bot] add7d3d8b6
Merge pull request #6281 from wallabag/dependabot/npm_and_yarn/sass-1.58.0
Bump sass from 1.57.1 to 1.58.0
2023-02-06 03:10:57 +00:00
dependabot[bot] c106ec7438
Bump jms/serializer-bundle from 5.2.0 to 5.2.1
Bumps [jms/serializer-bundle](https://github.com/schmittjoh/JMSSerializerBundle) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/schmittjoh/JMSSerializerBundle/releases)
- [Changelog](https://github.com/schmittjoh/JMSSerializerBundle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/schmittjoh/JMSSerializerBundle/compare/5.2.0...5.2.1)

---
updated-dependencies:
- dependency-name: jms/serializer-bundle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 03:08:16 +00:00
dependabot[bot] 3ef570a474
Bump doctrine/persistence from 3.1.3 to 3.1.4
Bumps [doctrine/persistence](https://github.com/doctrine/persistence) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/doctrine/persistence/releases)
- [Commits](https://github.com/doctrine/persistence/compare/3.1.3...3.1.4)

---
updated-dependencies:
- dependency-name: doctrine/persistence
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 03:06:39 +00:00
dependabot[bot] 22e0dfb8d6
Bump sass from 1.57.1 to 1.58.0
Bumps [sass](https://github.com/sass/dart-sass) from 1.57.1 to 1.58.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.57.1...1.58.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 03:02:20 +00:00
dependabot[bot] c4a72d7508
Bump stylelint-webpack-plugin from 3.3.0 to 4.0.0
Bumps [stylelint-webpack-plugin](https://github.com/webpack-contrib/stylelint-webpack-plugin) from 3.3.0 to 4.0.0.
- [Release notes](https://github.com/webpack-contrib/stylelint-webpack-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/stylelint-webpack-plugin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/stylelint-webpack-plugin/compare/v3.3.0...v4.0.0)

---
updated-dependencies:
- dependency-name: stylelint-webpack-plugin
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 03:01:46 +00:00
dependabot[bot] e06f6735e3
Bump jms/serializer from 3.21.0 to 3.22.0
Bumps [jms/serializer](https://github.com/schmittjoh/serializer) from 3.21.0 to 3.22.0.
- [Release notes](https://github.com/schmittjoh/serializer/releases)
- [Changelog](https://github.com/schmittjoh/serializer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/schmittjoh/serializer/compare/3.21.0...3.22.0)

---
updated-dependencies:
- dependency-name: jms/serializer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-06 03:01:30 +00:00
Jeremy Benoist 42b03d2834
Fix release script
The release script cloned the master branch by default because we never have to clone something else from now.
The script will now clone the tag using the given VERSION parameter.
2023-02-03 10:10:35 +01:00
github-actions[bot] b32d6d448b
Merge pull request #6272 from wallabag/dependabot/npm_and_yarn/http-cache-semantics-4.1.1
Bump http-cache-semantics from 4.1.0 to 4.1.1
2023-02-02 05:50:21 +00:00
dependabot[bot] e6e171c8ee
Bump http-cache-semantics from 4.1.0 to 4.1.1
Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/kornelski/http-cache-semantics/releases)
- [Commits](https://github.com/kornelski/http-cache-semantics/commits)

---
updated-dependencies:
- dependency-name: http-cache-semantics
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-02 05:43:19 +00:00
Jérémy Benoist cc68ed2b5d
Merge pull request #6270 from wallabag/dependabot/composer/nelmio/api-doc-bundle-4.11.1 2023-02-02 06:43:13 +01:00
Jérémy Benoist db6a85afb1
Merge pull request #6271 from wallabag/dependabot/composer/phpstan/phpstan-symfony-1.2.22 2023-02-02 06:42:48 +01:00
dependabot[bot] 862660ae1a
Bump phpstan/phpstan-symfony from 1.2.21 to 1.2.22
Bumps [phpstan/phpstan-symfony](https://github.com/phpstan/phpstan-symfony) from 1.2.21 to 1.2.22.
- [Release notes](https://github.com/phpstan/phpstan-symfony/releases)
- [Commits](https://github.com/phpstan/phpstan-symfony/compare/1.2.21...1.2.22)

---
updated-dependencies:
- dependency-name: phpstan/phpstan-symfony
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-02 03:03:09 +00:00
dependabot[bot] 29d384598d
Bump nelmio/api-doc-bundle from 4.11.0 to 4.11.1
Bumps [nelmio/api-doc-bundle](https://github.com/nelmio/NelmioApiDocBundle) from 4.11.0 to 4.11.1.
- [Release notes](https://github.com/nelmio/NelmioApiDocBundle/releases)
- [Changelog](https://github.com/nelmio/NelmioApiDocBundle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nelmio/NelmioApiDocBundle/compare/v4.11.0...v4.11.1)

---
updated-dependencies:
- dependency-name: nelmio/api-doc-bundle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-02 03:02:10 +00:00
Nicolas Lœuillet 0c313d396b
Merge pull request #6268 from wallabag/dependabot/composer/symfony/symfony-4.4.50
Bump symfony/symfony from 4.4.49 to 4.4.50
2023-02-01 21:54:40 +01:00
dependabot[bot] 522db91841
Bump symfony/symfony from 4.4.49 to 4.4.50
Bumps [symfony/symfony](https://github.com/symfony/symfony) from 4.4.49 to 4.4.50.
- [Release notes](https://github.com/symfony/symfony/releases)
- [Changelog](https://github.com/symfony/symfony/blob/v4.4.50/CHANGELOG-4.4.md)
- [Commits](https://github.com/symfony/symfony/compare/v4.4.49...v4.4.50)

---
updated-dependencies:
- dependency-name: symfony/symfony
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 20:46:46 +00:00
Jérémy Benoist 8954100779
Merge pull request #6267 from wallabag/release/2.5.3
Prepare 2.5.3
2023-02-01 10:15:18 +01:00
Jeremy Benoist b795622f06
Prepare 2.5.3 2023-02-01 09:51:02 +01:00
Jérémy Benoist 5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
Jérémy Benoist 0f7460dbab
Merge pull request from GHSA-qwx8-mxxx-mg96
ExportController: fix improper authorization vulnerability
2023-02-01 09:30:43 +01:00
Jérémy Benoist 315d710f93
Merge pull request #6266 from wallabag/dependabot/composer/phpstan/phpstan-symfony-1.2.21 2023-02-01 07:09:46 +01:00
dependabot[bot] 3c5cfae0d5
Bump phpstan/phpstan-symfony from 1.2.20 to 1.2.21
Bumps [phpstan/phpstan-symfony](https://github.com/phpstan/phpstan-symfony) from 1.2.20 to 1.2.21.
- [Release notes](https://github.com/phpstan/phpstan-symfony/releases)
- [Commits](https://github.com/phpstan/phpstan-symfony/compare/1.2.20...1.2.21)

---
updated-dependencies:
- dependency-name: phpstan/phpstan-symfony
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-01 03:01:45 +00:00
Jérémy Benoist 849da17750
Merge pull request #6264 from weblate/weblate-wallabag-messages 2023-01-31 12:32:05 +01:00
Quentin PAGÈS dc4687d75c
Translated using Weblate (Occitan)
Currently translated at 92.3% (533 of 577 strings)
2023-01-31 11:50:16 +01:00
Jérémy Benoist 77a9c842fc
Merge pull request #6262 from wallabag/dependabot/github_actions/dependabot/fetch-metadata-1.3.6 2023-01-30 04:55:55 +01:00
dependabot[bot] 8bd2bae841
Bump dependabot/fetch-metadata from 1.3.5 to 1.3.6
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](https://github.com/dependabot/fetch-metadata/compare/v1.3.5...v1.3.6)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 03:07:21 +00:00
github-actions[bot] a4f77189f0
Merge pull request #6261 from wallabag/dependabot/npm_and_yarn/eslint-8.33.0
Bump eslint from 8.32.0 to 8.33.0
2023-01-30 03:05:51 +00:00
dependabot[bot] 64381d9a62
Bump eslint from 8.32.0 to 8.33.0
Bumps [eslint](https://github.com/eslint/eslint) from 8.32.0 to 8.33.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.32.0...v8.33.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-30 03:01:24 +00:00
Kevin Decherf 3ed7f2b751
AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Jérémy Benoist 172d8da64b
Merge pull request #6258 from wallabag/dependabot/composer/nelmio/api-doc-bundle-4.11.0 2023-01-26 05:15:01 +01:00
dependabot[bot] 69b262bfcd
Bump nelmio/api-doc-bundle from 4.10.2 to 4.11.0
Bumps [nelmio/api-doc-bundle](https://github.com/nelmio/NelmioApiDocBundle) from 4.10.2 to 4.11.0.
- [Release notes](https://github.com/nelmio/NelmioApiDocBundle/releases)
- [Changelog](https://github.com/nelmio/NelmioApiDocBundle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nelmio/NelmioApiDocBundle/compare/v4.10.2...v4.11.0)

---
updated-dependencies:
- dependency-name: nelmio/api-doc-bundle
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-26 03:01:37 +00:00
Jérémy Benoist 7ab6df9b8a
Merge pull request #6257 from wallabag/dependabot/composer/symfony/phpunit-bridge-6.2.5 2023-01-25 07:31:44 +01:00
dependabot[bot] f5c67c7973
Bump symfony/phpunit-bridge from 6.2.3 to 6.2.5
Bumps [symfony/phpunit-bridge](https://github.com/symfony/phpunit-bridge) from 6.2.3 to 6.2.5.
- [Release notes](https://github.com/symfony/phpunit-bridge/releases)
- [Changelog](https://github.com/symfony/phpunit-bridge/blob/6.2/CHANGELOG.md)
- [Commits](https://github.com/symfony/phpunit-bridge/compare/v6.2.3...v6.2.5)

---
updated-dependencies:
- dependency-name: symfony/phpunit-bridge
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-25 03:01:39 +00:00
Jérémy Benoist 2e8ffa51b2
Merge pull request #6256 from wyntonfranklin/config-link-fix 2023-01-24 06:48:05 +01:00
Wynton Franklin baddc525bb
fix for config links 2023-01-23 18:19:49 -04:00
github-actions[bot] 45ec5de9dc
Merge pull request #6255 from wallabag/dependabot/npm_and_yarn/eslint-plugin-import-2.27.5
Bump eslint-plugin-import from 2.27.4 to 2.27.5
2023-01-23 03:12:12 +00:00
dependabot[bot] 04e2f30d61
Bump eslint-plugin-import from 2.27.4 to 2.27.5
Bumps [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) from 2.27.4 to 2.27.5.
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.27.4...v2.27.5)

---
updated-dependencies:
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-23 03:07:37 +00:00
Kevin Decherf 0fdd9aa991
ExportController: fix improper authorization vulnerability
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
Jérémy Benoist 31bd2feb77
Merge pull request #6252 from wallabag/dependabot/composer/php-amqplib/php-amqplib-3.5.1 2023-01-20 06:33:55 +01:00
Jérémy Benoist 402d4517f7
Merge pull request #6253 from wallabag/dependabot/composer/phpstan/phpstan-1.9.14 2023-01-20 06:33:31 +01:00