Commit graph

268 commits

Author SHA1 Message Date
Yassine Guedidi 6787f598cb Move Import controllers to Core 2024-01-25 20:34:40 +01:00
Yassine Guedidi 81577ef6b0 Move Api entities to Core 2024-01-25 20:34:40 +01:00
Yassine Guedidi 3fc0b5fa5b Move Api controllers to Core 2024-01-25 20:34:40 +01:00
Yassine Guedidi a37ded9101 Move User entity to Core 2024-01-25 20:34:40 +01:00
Yassine Guedidi 3d7bb85d71 Move User controller to Core 2024-01-25 20:34:40 +01:00
Yassine Guedidi 2190174754 Move Annotation entity to Core 2024-01-25 20:34:39 +01:00
Yassine Guedidi 2ed8c219cc Move Annotation controller to Core 2024-01-25 20:34:39 +01:00
Yassine Guedidi 0a117958c9 Apply PHP-CS-Fixer fixes 2024-01-22 19:15:54 +01:00
Yassine Guedidi 16c239aa78 Merge branch '2.6' into merge-2.6-in-master 2024-01-03 11:08:10 +01:00
Yassine Guedidi 7ebc96f3b9 Remove session-based redirection 2023-12-28 21:42:26 +01:00
Kevin Decherf 4a5f769428 Merge remote-tracking branch 'origin/2.6' into port/2.6.7
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-10-25 22:09:21 +02:00
Jeremy Benoist fa107116cc
Prepare 2.6.7 release 2023-10-02 14:14:34 +02:00
Kevin Decherf aa06e8328e ConfigController: remove 2fa cancel step
This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-step validation

Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This needs rework
when possible.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
Kevin Decherf 5240684be9 ConfigController: move OTP endpoints to POST method only
Fixes GHSA-56fm-hfp3-x3w3

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
Jeremy Benoist c6ff0bc691
Remove remaining MOBI stuff 2023-08-23 08:49:56 +02:00
Nicolas Lœuillet b1752b619d Add display article configurator (font family, font size, line height and max width) 2023-08-22 13:02:50 +02:00
Nicolas Lœuillet 981d6a47da
Merge pull request #6793 from wallabag/fix-4414
Fix search when search term has useless space
2023-08-21 20:19:16 +02:00
Nicolas Lœuillet 4b338afa40
Merge pull request #6771 from wallabag/add-annotations-in-search
Add articles which have annotations with search term in results
2023-08-21 20:19:00 +02:00
Nicolas Lœuillet 1c2190fd68
Merge pull request #6769 from wallabag/add-not-parsed-boolean
Add `isNotParsed` field on Entry entity
2023-08-21 20:18:44 +02:00
Nicolas Lœuillet 407dd48ed0
Merge pull request #6767 from wallabag/remove-demo
Remove (useless) demo mode
2023-08-21 20:18:18 +02:00
Nicolas Lœuillet cbcfa69c05 Remove (useless) demo mode
Fix #6671
2023-08-21 13:16:56 +02:00
Nicolas Lœuillet 20578f0b8e Add isNotParsed field on Entry entity
Fix #4350
2023-08-21 13:16:42 +02:00
Nicolas Lœuillet 18e1106f76 Add articles which have annotations with search term in results
Fix #3635
2023-08-21 13:16:36 +02:00
Nicolas Lœuillet 6ff00315d0 Fix search when search term has useless space 2023-08-21 13:16:14 +02:00
Yassine Guedidi 0f17a8cf8a PHPStan level 3 2023-08-21 12:03:38 +02:00
Nicolas Lœuillet 78b0b55c40
Merge pull request from GHSA-p8gp-899c-jvq9
Replace GET way to POST way to reset data user
2023-08-21 11:08:24 +02:00
Nicolas Lœuillet 383dcc5c45
Merge pull request #6119 from Spoons/feat_referer_to_session_redirect
Fix: Use Session instead of Referrer for Redirection
2023-08-21 10:32:03 +02:00
Nicolas Lœuillet a9893d754f Replace GET way to POST way to reset data user
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-08-09 21:39:03 +02:00
Kevin Decherf 0ccbd653fa
Merge pull request #6812 from yguedidi/make-crawler-extract-get-an-array
Make Crawler::extract get an array
2023-08-09 11:03:03 +02:00
Yassine Guedidi ec33ec14e5 Replace Client by KernelBrowser 2023-08-08 02:55:35 +01:00
Yassine Guedidi 093003d9af Make Crawler::extract get an array 2023-08-07 22:51:18 +01:00
Michael Ciociola ced2ea4015
Merge branch 'master' into feat_referer_to_session_redirect 2023-08-06 20:14:44 +00:00
Nicolas Lœuillet 5fe5551972 Fix failing randomly test 2023-07-27 07:55:42 +02:00
Nicolas Lœuillet c75d3e6961 Remove twofactor_auth parameter
Fix #6649
2023-07-15 16:18:01 +02:00
Nicolas Lœuillet 6639f7da6d Fix export for same domain entries 2023-06-29 19:59:08 +02:00
Nicolas Lœuillet 28db6c22eb
Fix duplicate tags creation when assigning search results to tag
Fixes #6330
2023-06-17 15:19:59 +02:00
Nicolas Lœuillet 7eddea6ff7
Added test 2023-06-16 14:27:27 +02:00
Simounet e5b72f3123
Fix Stylelint errors 2023-06-12 18:15:38 +02:00
Jeremy Benoist 66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x' 2023-04-24 14:36:32 +02:00
Jeremy Benoist f1b3d5cdd7
Fix CSRF on user deletion 2023-02-07 21:41:52 +01:00
Jeremy Benoist b795622f06
Prepare 2.5.3 2023-02-01 09:51:02 +01:00
Jérémy Benoist 5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
Kevin Decherf 3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Kevin Decherf 0fdd9aa991 ExportController: fix improper authorization vulnerability
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
Jeremy Benoist ea189503de
Fix tests 2023-01-16 10:21:37 +01:00
Kevin Decherf 2f2cfa2c2a Add prefix for tag slugs
This should be considered as a temporary fix, we may deprecate tag
slugs in the future.

Fixes #6048

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-11 23:20:13 +01:00
Jeremy Benoist de5b138a59
Fix CS 2022-12-13 10:26:51 +01:00
Michael fbccae8a79 fix: update remove tag test to accept root relative urls 2022-12-10 11:52:18 -06:00
Jeremy Benoist dd2f2fe340
Fix pt_BR test 2022-11-29 18:01:46 -08:00
Jeremy Benoist aa5c7f05b8
Upgrade to Symfony 4.4
- disable autowiring for Event (because the Entry entity was injected)
- rename `getClient()` for test to `getTestClient()` to avoid error while overriding (from `BrowserKitAssertionsTrait`)
2022-11-29 18:01:46 -08:00