Yassine Guedidi
2ed8c219cc
Move Annotation controller to Core
2024-01-25 20:34:39 +01:00
Yassine Guedidi
0178c7356d
Fix PHPStan errors
2024-01-22 19:15:54 +01:00
Yassine Guedidi
0a117958c9
Apply PHP-CS-Fixer fixes
2024-01-22 19:15:54 +01:00
Yassine Guedidi
f0360bc31f
Fix JPEG images extension
2024-01-22 19:15:54 +01:00
Yassine Guedidi
325ff1a419
Merge pull request #7181 from yguedidi/remove-need-for-test_database_path
...
Remove need for TEST_DATABASE_PATH
2024-01-16 11:08:26 +01:00
Yassine Guedidi
e2b8ff3dc0
Skip database reset on partial test run
2024-01-16 09:29:33 +01:00
Yassine Guedidi
7e40142aa0
Remove need for TEST_DATABASE_PATH
2024-01-14 23:16:31 +01:00
Yassine Guedidi
369e7b6e04
Show the output of commands in the bootstrap file
2024-01-09 08:11:16 +01:00
Yassine Guedidi
99ad390144
Move loading fixtures to the bootstrap file
2024-01-09 08:11:16 +01:00
Yassine Guedidi
4a4b584a46
Move prepare database commands to the bootstrap file
2024-01-09 08:11:16 +01:00
Yassine Guedidi
3e403b84d3
Move tests cache clean to the bootstrap file
2024-01-09 08:11:16 +01:00
Yassine Guedidi
18b09979d6
Introduce a tests bootstrap file
2024-01-09 08:11:16 +01:00
Yassine Guedidi
16c239aa78
Merge branch '2.6' into merge-2.6-in-master
2024-01-03 11:08:10 +01:00
Yassine Guedidi
9bef459882
Make Redirect helper supports only absolute path reference URLs
2023-12-28 21:48:48 +01:00
Yassine Guedidi
7ebc96f3b9
Remove session-based redirection
2023-12-28 21:42:26 +01:00
Yassine Guedidi
f4493f7472
Remove support for fallback in Redirect helper
2023-12-28 21:42:12 +01:00
Yassine Guedidi
babe87c33b
Fix createClient() depreciation
2023-12-25 10:39:25 +01:00
Jeremy Benoist
2149ef4510
Add ObjectManagedLoader for PHPStan
2023-11-16 09:50:02 +01:00
Kevin Decherf
4a5f769428
Merge remote-tracking branch 'origin/2.6' into port/2.6.7
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-10-25 22:09:21 +02:00
Jeremy Benoist
fa107116cc
Prepare 2.6.7 release
2023-10-02 14:14:34 +02:00
Kevin Decherf
aa06e8328e
ConfigController: remove 2fa cancel step
...
This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-steps validation
Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This need rework
when possible.
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
Kevin Decherf
5240684be9
ConfigController: move OTP endpoints to POST method only
...
Fixes GHSA-56fm-hfp3-x3w3
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
Jeremy Benoist
c6ff0bc691
Remove remaining MOBI stuff
2023-08-23 08:49:56 +02:00
Nicolas Lœuillet
b1752b619d
Add display article configurator (font family, font size, line height and max width)
2023-08-22 13:02:50 +02:00
Nicolas Lœuillet
741db06447
Merge pull request #6761 from wallabag/add-shaarli-import
...
Add Shaarli and Pocket HTML imports
2023-08-22 10:18:17 +02:00
Nicolas Lœuillet
2af48b8174
Add Shaarli and Pocket HTML imports
2023-08-22 08:02:07 +02:00
Yassine Guedidi
8ef6a14652
Resolve self depreciation
2023-08-22 01:43:00 +02:00
Yassine Guedidi
1ce5164e70
Make testSaveIsArchivedAfterPatch and testSaveIsStarredAfterPatch consistent
2023-08-22 00:03:36 +02:00
Yassine Guedidi
a3b64611f8
Fix testSaveIsStarredAfterPatch
2023-08-22 00:03:36 +02:00
Nicolas Lœuillet
981d6a47da
Merge pull request #6793 from wallabag/fix-4414
...
Fix search when search term has useless space
2023-08-21 20:19:16 +02:00
Nicolas Lœuillet
4b338afa40
Merge pull request #6771 from wallabag/add-annotations-in-search
...
Add articles which have annotations with search term in results
2023-08-21 20:19:00 +02:00
Nicolas Lœuillet
1c2190fd68
Merge pull request #6769 from wallabag/add-not-parsed-boolean
...
Add `isNotParsed` field on Entry entity
2023-08-21 20:18:44 +02:00
Nicolas Lœuillet
407dd48ed0
Merge pull request #6767 from wallabag/remove-demo
...
Remove (useless) demo mode
2023-08-21 20:18:18 +02:00
Nicolas Lœuillet
397ad455e6
Merge pull request #6655 from wallabag/add-command-to-update-picture-url
...
Add command to clean pictures path when changing instance URL
2023-08-21 20:17:40 +02:00
Nicolas Lœuillet
88c9df9b80
Add command to clean pictures path when changing instance URL
2023-08-21 13:17:13 +02:00
Nicolas Lœuillet
cbcfa69c05
Remove (useless) demo mode
...
Fix #6671
2023-08-21 13:16:56 +02:00
Nicolas Lœuillet
20578f0b8e
Add isNotParsed field on Entry entity
...
Fix #4350
2023-08-21 13:16:42 +02:00
Nicolas Lœuillet
18e1106f76
Add articles which have annotations with search term in results
...
Fix #3635
2023-08-21 13:16:36 +02:00
Nicolas Lœuillet
6ff00315d0
Fix search when search term has useless space
2023-08-21 13:16:14 +02:00
Yassine Guedidi
0f17a8cf8a
PHPStan level 3
2023-08-21 12:03:38 +02:00
Nicolas Lœuillet
ffcc5c9062
Merge pull request from GHSA-gjvc-55fw-v6vq
...
Replace GET way to POST way to delete API client
2023-08-21 11:08:47 +02:00
Nicolas Lœuillet
78b0b55c40
Merge pull request from GHSA-p8gp-899c-jvq9
...
Replace GET way to POST way to reset data user
2023-08-21 11:08:24 +02:00
Nicolas Lœuillet
383dcc5c45
Merge pull request #6119 from Spoons/feat_referer_to_session_redirect
...
Fix: Use Session instead of Referrer for Redirection
2023-08-21 10:32:03 +02:00
Nicolas Lœuillet
c3d1f92278
Replace GET way to POST way to delete API client
2023-08-09 21:54:40 +02:00
Nicolas Lœuillet
a9893d754f
Replace GET way to POST way to reset data user
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-08-09 21:39:03 +02:00
Kevin Decherf
0ccbd653fa
Merge pull request #6812 from yguedidi/make-crawler-extract-get-an-array
...
Make Crawler::extract get an array
2023-08-09 11:03:03 +02:00
Kevin Decherf
815158fefa
Merge pull request #6813 from yguedidi/replace-client-by-kernelbrowser
...
Replace Client by KernelBrowser
2023-08-08 23:36:06 +02:00
Kevin Decherf
807d473564
Merge pull request #6811 from yguedidi/replace-getresponseevent-by-requestevent
...
Replace GetResponseEvent by RequestEvent
2023-08-08 16:53:18 +02:00
Yassine Guedidi
ec33ec14e5
Replace Client by KernelBrowser
2023-08-08 02:55:35 +01:00
Yassine Guedidi
093003d9af
Make Crawler::extract get an array
2023-08-07 22:51:18 +01:00
Yassine Guedidi
58a0ca2622
Replace GetResponseEvent by RequestEvent
2023-08-07 22:34:47 +01:00
Michael Ciociola
ced2ea4015
Merge branch 'master' into feat_referer_to_session_redirect
2023-08-06 20:14:44 +00:00
Yassine Guedidi
7d78e2ae06
Ensure the kernel is shut down before calling createClient
2023-08-06 13:48:53 +01:00
Nicolas Lœuillet
5fe5551972
Fix failing randomly test
2023-07-27 07:55:42 +02:00
Nicolas Lœuillet
c75d3e6961
Remove twofactor_auth parameter
...
Fix #6649
2023-07-15 16:18:01 +02:00
Nicolas Lœuillet
6639f7da6d
Fix export for same domain entries
2023-06-29 19:59:08 +02:00
Nicolas Lœuillet
28db6c22eb
Fix duplicate tags creation when assigning search results to tag
...
Fixes #6330
2023-06-17 15:19:59 +02:00
Nicolas Lœuillet
7eddea6ff7
Added test
2023-06-16 14:27:27 +02:00
Nicolas Lœuillet
19322142c3
Fixed testsuite
2023-06-16 14:27:26 +02:00
Simounet
e5b72f3123
Fix Stylelint errors
2023-06-12 18:15:38 +02:00
Jérémy Benoist
bea10aacbe
Merge pull request #6562 from Simounet/fix/downloadimages-redirect-following
...
Fix DownloadImages not following redirections
2023-05-31 15:04:02 +02:00
Simounet
548b610a17
Fix images downloading with numeric HTML entity
2023-05-30 13:38:50 +02:00
Simounet
2f944aa74a
Fix DownloadImages not following redirections
2023-05-30 12:41:00 +02:00
Jeremy Benoist
66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x'
2023-04-24 14:36:32 +02:00
Casper Meijn
5a5148707c
Fix API allowed_registration
...
Two configuration options need to be enabled to allow user registration via the API:
1) fosuser_registration, which indicates whether registration is allowed at all (frontend and API)
2) api_user_registration, which indicates whether registration is allowed via the API
2023-03-28 20:12:55 +02:00
Jeremy Benoist
a237414f9c
Skip test because of encoding issue in PHP 8.1
2023-03-24 22:57:11 +01:00
Jeremy Benoist
f1b3d5cdd7
Fix CSRF on user deletion
2023-02-07 21:41:52 +01:00
Jeremy Benoist
b795622f06
Prepare 2.5.3
2023-02-01 09:51:02 +01:00
Jérémy Benoist
5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
...
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
Kevin Decherf
3ed7f2b751
AnnotationController: fix improper authorization vulnerability
...
This PR is based on 2.5.x branch.
We fix the improper authorization by retrieving the annotation using id
and user id.
We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.
Fixes GHSA-mrqx-mjc4-vfh3
Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Kevin Decherf
0fdd9aa991
ExportController: fix improper authorization vulnerability
...
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().
We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.
Fixes GHSA-qwx8-mxxx-mg96
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
Jeremy Benoist
ea189503de
Fix tests
2023-01-16 10:21:37 +01:00
Kevin Decherf
2f2cfa2c2a
Add prefix for tag slugs
...
This should be considered as a temporary fix, we may deprecate tag
slugs in the future.
Fixes #6048
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-11 23:20:13 +01:00
Jeremy Benoist
6aca334d53
Move to controller as a service
...
Mostly using autowiring to inject deps.
The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case.
Usually:
- if a controller has a constructor, it means injected services are at least re-used once in actions
- otherwise, service are injected per action
2022-12-19 10:38:08 +01:00
Jeremy Benoist
b3099f68c5
Update all Doctrine deps
...
Also update these deps to be compatible with latest Doctrine version:
- `friendsofsymfony/oauth-server-bundle`
- `lexik/form-filter-bundle`
- `dama/doctrine-test-bundle`
2022-12-16 10:29:42 +01:00
Jeremy Benoist
32661f380c
Replace SwiftMailer by Symfony Mailer
2022-12-16 10:03:34 +01:00
Jeremy Benoist
d47c208743
Fix EventDispatcer & events
...
Looks like parameter for the `->dispatch(` have been flipped (event first then event name).
Define events should now extends `Symfony\Contracts\EventDispatcher\Event`
2022-12-15 21:47:31 +01:00
Jeremy Benoist
33267f0736
Update to FOSUserBundle 3.1
...
Also remove some deprecation from Symfony.
Use `LegacyEventDispatcherProxy` to handle Symfony 4 dispatch from FOSUser
2022-12-14 09:42:17 +01:00
Jeremy Benoist
de5b138a59
Fix CS
2022-12-13 10:26:51 +01:00
Michael
fbccae8a79
fix: update remove tag test to accept root relative urls
2022-12-10 11:52:18 -06:00
Jeremy Benoist
e79f5c7a21
Skip MySQL test
2022-11-29 18:01:46 -08:00
Jeremy Benoist
dd2f2fe340
Fix pt_BR
test
2022-11-29 18:01:46 -08:00
Jeremy Benoist
aa5c7f05b8
Upgrade to Symfony 4.4
...
- disable autowiring for Event (because the Entry entity was injected)
- rename `getClient()` for test to `getTestClient()` to avoid error while overriding (from `BrowserKitAssertionsTrait`)
2022-11-29 18:01:46 -08:00
Jeremy Benoist
b7dba18cb2
Cleanup
2022-11-23 15:51:33 +01:00
Yassine Guedidi
af6363bbbd
Fix missing call to parent setUp
2022-11-23 15:25:11 +01:00
Jeremy Benoist
1d3935fbd3
Remove LiipThemeBundle
...
As baggy theme was removed and material is the only remaining theme, we don't need a theme switched anymore.
So:
- move all `*.twig` files from the material theme folder to the root
- remove useless translations
2022-11-23 14:52:06 +01:00
Jeremy Benoist
8d3fcd4635
Merge remote-tracking branch 'origin/master' into 2.6.0
2022-11-03 10:30:17 +01:00
Nicolas Lœuillet
680da52ea8
Fixed tests
2022-11-03 09:55:24 +01:00
Nicolas Lœuillet
594c609a54
Fixed edit button for tagging rules
2022-11-03 09:55:24 +01:00
Nicolas Lœuillet
aedaa50887
Fixed tests
2022-11-03 09:55:24 +01:00
Nicolas Lœuillet
29308024ac
Removed old, not so maintained and buggy baggy theme
2022-11-03 09:55:20 +01:00
Yassine Guedidi
e32794e9d6
Remove useless command input parameter
2022-10-18 15:19:07 +02:00
Yassine Guedidi
17497275b2
Use find for remaining useless addition
2022-10-18 15:19:07 +02:00
Yassine Guedidi
6915a92047
Remove useless command addition
2022-10-18 15:19:07 +02:00
Yassine Guedidi
8f20df6559
Remove InstallCommandMock
2022-10-18 15:19:07 +02:00
Jeremy Benoist
dc28d7ea0f
Add support to download SVG locally
2022-10-18 11:14:45 +02:00
Jeremy Benoist
c372d68cc1
Merge remote-tracking branch 'origin/master' into 2.6.0
2022-10-18 11:11:02 +02:00
Jeremy Benoist
d4b0b62bb5
Fix unrelated failing test
...
LExpansion is down ATM.
Use a website which isn't down randomly.
2022-10-17 21:49:03 +02:00
Jeremy Benoist
7b150dcd26
Add tests
2022-10-17 21:37:08 +02:00
Jeremy Benoist
53574f05d5
Fix random failing tests
...
Looks like `20minutos.es` sometimes does not return the expected language.
Switching to `elpais.com` fix the problem.
2022-10-10 09:15:26 +02:00