Jérémy Benoist
5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
...
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
Kevin Decherf
3ed7f2b751
AnnotationController: fix improper authorization vulnerability
...
This PR is based on 2.5.x branch.
We fix the improper authorization by retrieving the annotation using id
and user id.
We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.
Fixes GHSA-mrqx-mjc4-vfh3
Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Kevin Decherf
0fdd9aa991
ExportController: fix improper authorization vulnerability
...
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().
We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.
Fixes GHSA-qwx8-mxxx-mg96
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
Jeremy Benoist
ea189503de
Fix tests
2023-01-16 10:21:37 +01:00
Jeremy Benoist
53574f05d5
Fix random failing tests
...
Looks like `20minutos.es` sometimes does not return the expected language.
Switching to `elpais.com` fixes the problem.
2022-10-10 09:15:26 +02:00
Jeremy Benoist
cd4105bbe9
Fix tests
2022-08-22 19:57:57 +02:00
Jeremy Benoist
37019b5ad5
Fix tests
2022-05-13 14:15:19 +02:00
Jeremy Benoist
4947ea6758
Merge remote-tracking branch 'origin/master' into 2.5.0
2022-05-13 13:50:50 +02:00
Jeremy Benoist
9f6414785c
Fix tests
2022-04-20 23:13:17 +02:00
Nicolas Lœuillet
5077c46e4e
Added action to tag search results
2022-04-20 22:57:25 +02:00
Kevin Decherf
1608bf5a4e
Replace iconv() calls with Transliterator
...
See https://stackoverflow.com/a/35178027/954513
Closes #5377
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2022-03-21 22:12:11 +01:00
Jérémy Benoist
eb99cacf43
Merge pull request #5664 from Simounet/feat/home-entries-updated
2022-03-15 09:34:00 +01:00
Adrien Gallou
29df8ed590
this change adds an option to sort the feed entries by updated_at
...
There is now an option to sort the feed entries by updated_at, on the
controller: a sort querystring argument that accepts either "created"
or "updated".
2022-03-14 22:58:45 +01:00
Simounet
85e91f9e67
CSS grid used for bloc mode entries and flex for card bloc
2022-03-14 22:09:07 +01:00
Jeremy Benoist
7ec0c9f844
Fix tests
2022-03-02 20:12:08 +01:00
Nicolas Lœuillet
cd975c5f13
Added annotated filter
2022-03-02 20:07:44 +01:00
Nicolas Lœuillet
6dfc031839
Enhanced tests and changed route
2022-03-02 20:07:43 +01:00
Nicolas Lœuillet
0aeaf0e8c2
Added tests
2022-03-02 20:07:17 +01:00
Jeremy Benoist
9a6146d2ef
Merge remote-tracking branch 'origin/master' into 2.5.0
2022-03-02 20:03:33 +01:00
Jeremy Benoist
5c4993832e
Fix tagging rule match when user has a custom reading speed
...
By default, we assume the reading speed is 200 words per minute (WPM) when we save an entry.
User can change that value in the config and the rendering is properly performed with the user reading speed.
BUT, when the matching rule is applied, it uses the default reading time defined in the entry without applying the custom reading speed of the user.
This should fix that bug.
Also update the `wallabag:tag:all` to fix the bug when tagging all entries.
2022-03-02 19:12:33 +01:00
Jeremy Benoist
3c507d676f
Add build test on PHP 8.0 & 8.1
...
Add `isTransactional` to `WallabagMigration` because PHP 8 behaves differently with PDO transaction.
This is a workaround because we can't upgrade Doctrine Migration for now (upper versions have the fix).
- Build is now using Composer v2 (instead of v1)
- All actions have been updated to latest version
- Fix bug in PHP 8 where `$entry->getTags()` can't be properly used as a _traversable_ by `assertContains` during tests. Added a custom method `Entry::getTagsLabel()` which returns a flattened tag array with only labels
- Replace `assertNotRegExp` by `assertDoesNotMatchRegularExpression` because it was deprecated
2022-01-31 12:59:39 +01:00
Jeremy Benoist
0afd91a160
Remove dead test
...
The URL seems to be down now.
Move to a more frequent deps update
2022-01-05 13:25:50 +01:00
Nicolas Lœuillet
c34fe9945a
Fixed test
2021-08-03 08:36:56 +02:00
Nicolas Lœuillet
609193cf59
Fixed unavailable Russian website in test
2021-08-03 07:56:14 +02:00
Simounet
6324d30db2
Fix PHPUnit deprecated warning
2021-04-14 13:07:46 +02:00
Nicolas Lœuillet
890c7d0bfa
Added button to show entries with the same domain
2021-02-08 09:45:38 +01:00
Jeremy Benoist
f061581bbd
Fix test
2021-02-08 09:38:01 +01:00
Jeremy Benoist
3137d9b1cc
Fix test
2021-02-08 09:05:57 +01:00
Kevin Decherf
8e89b3ad76
Preselect currently active section in the filter menu
...
Fixes #2533
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2021-01-24 02:16:43 +01:00
Jeremy Benoist
83f10796a7
Fix Russian language validation
2020-12-14 09:33:31 +01:00
Jeremy Benoist
732ec8a2eb
Fix deprecated method in tests
2020-06-15 14:21:35 +02:00
Jeremy Benoist
7332d1f4e5
Remove support for PHP < 7.2
...
Updating deps
- Removing electrolinux/php-html5lib (0.1.0)
- Updating doctrine/inflector (1.3.1 => 1.4.3)
- Updating doctrine/lexer (1.0.2 => 1.2.1)
- Installing symfony/polyfill-php80 (v1.17.0)
- Updating symfony/service-contracts (v1.1.8 => v2.1.2)
- Installing symfony/deprecation-contracts (v2.1.2)
- Updating symfony/mime (v4.4.8 => v5.1.1)
- Updating friendsofsymfony/rest-bundle (2.7.4 => 2.8.0)
- Updating doctrine/instantiator (1.3.0 => 1.3.1)
- Updating ocramius/proxy-manager (2.1.1 => 2.2.3)
- Updating php-http/discovery (1.7.4 => 1.8.0)
- Updating symfony/http-client-contracts (v1.1.8 => v2.1.2)
- Updating symfony/http-client (v4.4.8 => v5.1.1)
- Updating php-http/httplug-bundle (1.16.0 => 1.18.0)
- Updating symfony/phpunit-bridge (v4.3.11 => v5.1.1)
- Updating doctrine/data-fixtures (1.3.3 => 1.4.3)
- Updating composer/xdebug-handler (1.4.1 => 1.4.2)
- Updating masterminds/html5 (2.7.0 => 2.7.1)
- Updating j0k3r/php-readability (1.2.4 => 1.2.5)
- Updating phpoption/phpoption (1.7.3 => 1.7.4)
- Updating nikic/php-parser (v4.4.0 => v4.5.0)
- Installing thecodingmachine/safe (v1.1.1)
- Updating spomky-labs/otphp (v9.1.4 => v10.0.1)
- Updating pagerfanta/pagerfanta (v2.1.3 => v2.3.0)
Package white-october/pagerfanta-bundle is abandoned, you should avoid using it. Use babdev/pagerfanta-bundle instead.
- Removing white-october/pagerfanta-bundle (v1.3.2)
- Installing babdev/pagerfanta-bundle (v2.4.2)
Upgrading PHPStan to 0.12 and use extension installer
- Removing phpstan/phpdoc-parser (0.3.5)
- Removing nette/utils (v3.1.2)
- Removing nette/schema (v1.0.2)
- Removing nette/robot-loader (v3.2.3)
- Removing nette/php-generator (v3.4.0)
- Removing nette/neon (v3.1.2)
- Removing nette/finder (v2.5.2)
- Removing nette/di (v3.0.4)
- Removing nette/bootstrap (v3.0.2)
- Updating phpstan/phpstan (0.11.19 => 0.12.29)
- Updating phpstan/phpstan-doctrine (0.11.6 => 0.12.16)
- Updating phpstan/phpstan-phpunit (0.11.2 => 0.12.11)
- Updating phpstan/phpstan-symfony (0.11.6 => 0.12.6)
- Installing phpstan/extension-installer (1.0.4)
Upgrading jms/serializer-bundle to version 3 (and willdurand/hateoas-bundle to version 2)
- Removing phpoption/phpoption (1.7.4)
- Removing phpcollection/phpcollection (0.5.0)
- Removing jms/parser-lib (1.0.0)
- Updating jms/metadata (1.7.0 => 2.3.0)
- Updating jms/serializer (1.14.1 => 3.7.0)
- Updating jms/serializer-bundle (2.4.4 => 3.6.0)
- Updating willdurand/hateoas (2.12.0 => 3.6.0)
- Updating willdurand/hateoas-bundle (1.4.0 => 2.1.0)
Upgrading dama/doctrine-test-bundle to version 6
- Updating dama/doctrine-test-bundle (v5.0.3 => v6.2.0)
2020-06-15 08:25:59 +02:00
Kevin Decherf
71f7e58fbd
tests: add a NetworkCalls group for tests making network calls
...
Excluding this group can decrease the run time of tests during
development.
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Kevin Decherf
7408a6cb68
Add controller, views and translations for ignore origin instance rules
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Kevin Decherf
24230a5130
Add new Ignore Origin rules tab, update ConfigController
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Nicolas Lœuillet
467327771a
Added mass actions for Material design in list view
2020-04-24 09:12:57 +02:00
Nicolas Lœuillet
01f8a776a4
Fixed unit tests
2020-04-22 14:58:37 +02:00
Kevin Decherf
48f9a9632d
TagController: support merging labels when renaming one with label of another
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-18 18:12:33 +02:00
Kevin Decherf
a19caf8a37
TagController: prevent tag deletion when renaming a tag with the same label
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-18 18:09:07 +02:00
Kevin Decherf
39133eb796
TagController: fix duplicated tags when renaming them
...
The fix relies on a workaround available on TagsAssigner, see the
AssignTagsToEntry() signature for detail.
I replaced the findOneByLabel in the corresponding test to assert that
there is no duplicate.
Fixes #4216
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-18 18:09:07 +02:00
Nicolas Lœuillet
4ff1efa418
Added a button to disable 2FA when enabled
2020-04-13 17:00:53 +02:00
Jeremy Benoist
3cd659fc34
Fix tests
2020-03-31 15:56:48 +02:00
Jérémy Benoist
26467fa6b4
Merge pull request #4299 from wallabag/fix/4133
...
Fix createdAt filter on material
2020-03-28 16:38:12 +01:00
Kevin Decherf
8ee7b1603d
Fix createdAt date range filter
...
- hiddenName has been disabled in order to fix the missing date range
values when using the material theme
- data format has been changed to 'Y-m-d' in order to comply with the
browser date input default format
- tests: date() and strtotime have been replaced with DateTime-related
objects
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-03-22 17:01:39 +01:00
Kevin Decherf
ef81e3c89b
tests: replace baggy theme used in EntryController tests
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-03-22 17:01:39 +01:00
Kevin Decherf
93c5b47e88
ExportController: fix entries export from search view
...
Fixes #4240
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-02-23 00:43:21 +01:00
Jeremy Benoist
4a31f3b6a2
Fix tests
2019-11-13 13:05:58 +01:00
Jeremy Benoist
987237d588
Fix tests & update deps
...
- Updating twig/twig (v2.12.0 => v2.12.1)
- Updating symfony/mime (v4.3.4 => v4.3.5)
- Updating friendsofsymfony/rest-bundle (2.5.0 => 2.6.0)
- Updating j0k3r/graby-site-config (1.0.91 => 1.0.93)
- Updating monolog/monolog (1.24.0 => 1.25.1)
- Updating simplepie/simplepie (1.5.2 => 1.5.3)
- Updating symfony/http-client-contracts (v1.1.6 => v1.1.7)
- Updating symfony/http-client (v4.3.4 => v4.3.5)
- Updating nette/utils (v3.0.1 => v3.0.2)
- Updating phpstan/phpstan (0.11.17 => 0.11.18)
- Updating zendframework/zend-code (3.3.2 => 3.4.0)
- Updating php-amqplib/php-amqplib (v2.10.0 => v2.10.1)
- Updating beberlei/assert (v3.2.3 => v3.2.6)
- Updating zendframework/zend-diactoros (2.1.3 => 2.1.5)
- Updating sentry/sentry (2.2.1 => 2.2.2)
2019-10-22 16:56:33 +02:00
Nicolas Lœuillet
af7b22a3be
Fixed default value for reading speed
2019-09-19 14:23:06 +02:00
Jeremy Benoist
1ebc8e1f02
Fix tests
2019-07-26 13:37:44 +02:00