Kevin Decherf
5240684be9
ConfigController: move OTP endpoints to POST method only
Fixes GHSA-56fm-hfp3-x3w3
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
Nicolas Lœuillet
78b0b55c40
Merge pull request from GHSA-p8gp-899c-jvq9
Replace GET way to POST way to reset data user
2023-08-21 11:08:24 +02:00
Nicolas Lœuillet
383dcc5c45
Merge pull request #6119 from Spoons/feat_referer_to_session_redirect
Fix: Use Session instead of Referrer for Redirection
2023-08-21 10:32:03 +02:00
Nicolas Lœuillet
a9893d754f
Replace GET way to POST way to reset data user
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-08-09 21:39:03 +02:00
Kevin Decherf
0ccbd653fa
Merge pull request #6812 from yguedidi/make-crawler-extract-get-an-array
Make Crawler::extract get an array
2023-08-09 11:03:03 +02:00
Yassine Guedidi
ec33ec14e5
Replace Client by KernelBrowser
2023-08-08 02:55:35 +01:00
Yassine Guedidi
093003d9af
Make Crawler::extract get an array
2023-08-07 22:51:18 +01:00
Michael Ciociola
ced2ea4015
Merge branch 'master' into feat_referer_to_session_redirect
2023-08-06 20:14:44 +00:00
Nicolas Lœuillet
5fe5551972
Fix failing randomly test
2023-07-27 07:55:42 +02:00
Nicolas Lœuillet
c75d3e6961
Remove twofactor_auth parameter
Fix #6649
2023-07-15 16:18:01 +02:00
Nicolas Lœuillet
6639f7da6d
Fix export for same domain entries
2023-06-29 19:59:08 +02:00
Nicolas Lœuillet
28db6c22eb
Fix duplicate tags creation when assigning search results to tag
Fixes #6330
2023-06-17 15:19:59 +02:00
Nicolas Lœuillet
7eddea6ff7
Added test
2023-06-16 14:27:27 +02:00
Simounet
e5b72f3123
Fix Stylelint errors
2023-06-12 18:15:38 +02:00
Jeremy Benoist
66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x'
2023-04-24 14:36:32 +02:00
Jeremy Benoist
f1b3d5cdd7
Fix CSRF on user deletion
2023-02-07 21:41:52 +01:00
Jeremy Benoist
b795622f06
Prepare 2.5.3
2023-02-01 09:51:02 +01:00
Jérémy Benoist
5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
Kevin Decherf
3ed7f2b751
AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.
We fix the improper authorization by retrieving the annotation using id
and user id.
We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.
Fixes GHSA-mrqx-mjc4-vfh3
Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Kevin Decherf
0fdd9aa991
ExportController: fix improper authorization vulnerability
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().
We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.
Fixes GHSA-qwx8-mxxx-mg96
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
Jeremy Benoist
ea189503de
Fix tests
2023-01-16 10:21:37 +01:00
Kevin Decherf
2f2cfa2c2a
Add prefix for tag slugs
This should be considered as a temporary fix, we may deprecate tag
slugs in the future.
Fixes #6048
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-11 23:20:13 +01:00
Jeremy Benoist
de5b138a59
Fix CS
2022-12-13 10:26:51 +01:00
Michael
fbccae8a79
fix: update remove tag test to accept root relative urls
2022-12-10 11:52:18 -06:00
Jeremy Benoist
dd2f2fe340
Fix pt_BR
test
2022-11-29 18:01:46 -08:00
Jeremy Benoist
aa5c7f05b8
Upgrade to Symfony 4.4
- disable autowiring for Event (because the Entry entity was injected)
- rename `getClient()` for test to `getTestClient()` to avoid error while overriding (from `BrowserKitAssertionsTrait`)
2022-11-29 18:01:46 -08:00
Jeremy Benoist
b7dba18cb2
Cleanup
2022-11-23 15:51:33 +01:00
Jeremy Benoist
1d3935fbd3
Remove LiipThemeBundle
As baggy theme was removed and material is the only remaining theme, we don't need a theme switcher anymore.
So:
- move all `*.twig` files from the material theme folder to the root
- remove useless translations
2022-11-23 14:52:06 +01:00
Nicolas Lœuillet
680da52ea8
Fixed tests
2022-11-03 09:55:24 +01:00
Nicolas Lœuillet
594c609a54
Fixed edit button for tagging rules
2022-11-03 09:55:24 +01:00
Nicolas Lœuillet
aedaa50887
Fixed tests
2022-11-03 09:55:24 +01:00
Nicolas Lœuillet
29308024ac
Removed old, not so maintained and buggy baggy theme
2022-11-03 09:55:20 +01:00
Jeremy Benoist
c372d68cc1
Merge remote-tracking branch 'origin/master' into 2.6.0
2022-10-18 11:11:02 +02:00
Jeremy Benoist
53574f05d5
Fix random failing tests
Looks like `20minutos.es` sometimes does not return the expected language.
Switching to `elpais.com` fixes the problem.
2022-10-10 09:15:26 +02:00
Yassine Guedidi
98af2e25f2
Use ::class notation where possible
2022-09-01 20:54:56 +02:00
Yassine Guedidi
eb43c78720
Use FQCN instead of service alias
2022-09-01 09:07:19 +02:00
Yassine Guedidi
156158673f
Alias Config entity to ConfigEntity to not conflict with Craue Config
2022-09-01 09:07:18 +02:00
Yassine Guedidi
8b7b4975d6
Migrate getRepository with entities
2022-08-26 17:47:46 +02:00
Yassine Guedidi
844e8e9d22
Use FQCN as service name for helper services
2022-08-24 23:24:24 +02:00
Jeremy Benoist
131f21883d
Merge remote-tracking branch 'origin/master' into 2.6.0
2022-08-23 08:43:46 +02:00
Jeremy Benoist
cd4105bbe9
Fix tests
2022-08-22 19:57:57 +02:00
Kevin Decherf
08eb190c95
Add support of mass action to tag entries
Closes #3118
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2022-06-29 15:48:41 +02:00
Nicolas Lœuillet
5291f7fb97
Fixed test
2022-06-16 15:18:10 +02:00
Nicolas Lœuillet
4feca1ccd5
Added tag deletion from tags list
Fixed #2952
2022-06-15 16:18:11 +02:00
Jeremy Benoist
37019b5ad5
Fix tests
2022-05-13 14:15:19 +02:00
Jeremy Benoist
4947ea6758
Merge remote-tracking branch 'origin/master' into 2.5.0
2022-05-13 13:50:50 +02:00
Jeremy Benoist
9f6414785c
Fix tests
2022-04-20 23:13:17 +02:00
Nicolas Lœuillet
5077c46e4e
Added action to tag search results
2022-04-20 22:57:25 +02:00
Kevin Decherf
1608bf5a4e
Replace iconv() calls with Transliterator
See https://stackoverflow.com/a/35178027/954513
Closes #5377
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2022-03-21 22:12:11 +01:00
Jérémy Benoist
eb99cacf43
Merge pull request #5664 from Simounet/feat/home-entries-updated
2022-03-15 09:34:00 +01:00