Commit graph

39 commits

Author SHA1 Message Date
Kevin Decherf
3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Jeremy Benoist
732ec8a2eb
Fix deprecated method in tests 2020-06-15 14:21:35 +02:00
Kevin Decherf
71f7e58fbd tests: add a NetworkCalls group for tests making network calls
Excluding this group can decrease the run time of tests during
development.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Kevin Decherf
24230a5130 Add new Ignore Origin rules tab, update ConfigController
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Nicolas Lœuillet
4ff1efa418
Added a button to disable 2FA when enabled 2020-04-13 17:00:53 +02:00
Nicolas Lœuillet
af7b22a3be
Fixed default value for reading speed 2019-09-19 14:23:06 +02:00
Jérémy Benoist
4f46330087
Merge pull request #4053 from wallabag/feature/manual-input-reading-speed
Add ability to manually define the reading speed
2019-07-09 11:53:20 +02:00
Jeremy Benoist
41022cb289
Add ability to manually define the reading speed
Instead of using a select, let the user decide its own speed.
2019-07-08 20:18:59 +02:00
Jeremy Benoist
34be2d5de4
Add ability to import/export tagging rules
- Add missing translations
- Add some tests
- Add `/api/taggingrule/export` API endpoint
- Add baggy theme
- Add error message when importing tagging rules failed
- Also fix all translations (I think we are good now)
2019-07-08 09:38:32 +02:00
Jeremy Benoist
c4bf12aade
Add ability to revoke feed token 2019-06-05 17:55:13 +02:00
Thomas Citharel
531c8d0a5c
Changed RSS to Atom feed and improve paging 2019-04-25 13:46:31 +02:00
Jeremy Benoist
a0c5eb003f
Change the way to enable 2FA
And add a step to validate a generated code from the OTP app
2019-01-23 13:28:24 +01:00
Jeremy Benoist
a6b242a1fd
Enable OTP 2FA
- Update SchebTwoFactorBundle to version 3
- Enable Google 2fa on the bundle
- Disallow ability to use both email and google as 2fa
- Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7)
- use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add`
- update admin to be able to create/reset the 2fa
2019-01-23 13:28:02 +01:00
Jeremy Benoist
1e0d8ad7b7
Enable PHPStan
- Fix error for level 0 & 1 (level 7 has 699 errors...)
- Add `updated_at` to site_credential (so the `timestamps()` method applies correctly)
2019-01-18 15:25:50 +01:00
Jeremy Benoist
4d4147b228
Ensure language is valid
- Do not override locale if user has chosen a locale from the login screen.
- Add some tests about locale url
2018-10-13 09:39:00 +02:00
Sébastien Viande
7975395d10
Entry: add archived_at property and updateArchived method 2018-09-21 10:33:33 +02:00
Jeremy Benoist
778543311f
Fix tests 2018-06-06 17:34:20 +02:00
Jeremy Benoist
f808b01692
Add a real configuration for CS-Fixer 2017-07-01 09:52:38 +02:00
adev
7ab5eb9508 Isolated tests
Use https://github.com/dmaicher/doctrine-test-bundle to have test isolation.
2017-05-31 16:03:54 +02:00
Nicolas Lœuillet
73f28afb19
Renamed countAllEntriesByUsername method 2017-03-31 10:46:47 +02:00
Thomas Citharel
6da1aebc94 Allow to remove all archived entries
Since we still support fucking SQLite, we need to retrieve all tags & annotations for archived entries before deleting them.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-03-31 10:46:05 +02:00
Thomas Citharel
273b6f0658 Rename method from *username to *user
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-03-30 16:07:48 +02:00
Jeremy Benoist
5aa0294cca
Limit rule to 255
To avoid database error
2016-12-03 11:10:39 +01:00
Nicolas Lœuillet
56a7ce17f3 Hide article text on mobile with list mode 2016-11-28 14:27:58 +01:00
Nicolas Lœuillet
8f3ff39ca3 Added test for list view 2016-11-28 14:27:58 +01:00
Jeremy Benoist
5066c3e066
Re-use FOSUser master branch 2016-11-22 21:25:05 +01:00
Jeremy Benoist
68003139e1
Merge remote-tracking branch 'origin/master' into 2.2
# Conflicts:
#	.editorconfig
#	docs/de/index.rst
#	docs/de/user/import.rst
#	docs/en/index.rst
#	docs/en/user/configuration.rst
#	docs/en/user/import.rst
#	docs/fr/index.rst
#	docs/fr/user/import.rst
#	src/Wallabag/CoreBundle/Command/InstallCommand.php
#	src/Wallabag/CoreBundle/Resources/translations/messages.da.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.de.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.en.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.es.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.it.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml
#	src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
#	web/bundles/wallabagcore/themes/baggy/css/style.min.css
#	web/bundles/wallabagcore/themes/baggy/js/baggy.min.js
#	web/bundles/wallabagcore/themes/material/css/style.min.css
#	web/bundles/wallabagcore/themes/material/js/material.min.js
2016-11-19 15:30:49 +01:00
Nicolas Lœuillet
540a9bc4a2 Added help on config screen 2016-11-17 09:22:39 +01:00
Nicolas Lœuillet
a42f38d9fb
Added a configuration to define the redirection after archiving an entry
Fix #496
2016-11-16 23:07:34 +01:00
Jeremy Benoist
94060509b8
Use more explicit check 2016-11-07 08:36:52 +01:00
Jeremy Benoist
206bade58a
Add ability to reset some data
- annotations
- tags
- entries
2016-10-22 13:13:06 +02:00
Jeremy Benoist
876d77a67d
Better display and description
Confirmation message isn’t required since it is written in the delete description
2016-10-08 20:25:42 +02:00
Jeremy Benoist
c3396c65ef
Fix some tests 2016-10-08 14:07:13 +02:00
Nicolas Lœuillet
b840268711
Added a test to check if entries are also deleted 2016-10-08 13:27:18 +02:00
Nicolas Lœuillet
71254701b7
Changed tests 2016-10-08 13:27:18 +02:00
Nicolas Lœuillet
821bb87685
Added tests 2016-10-08 13:27:18 +02:00
Jeremy Benoist
eb4142e0af
Remove NewUser test from Config 2016-10-02 11:09:28 +02:00
Jeremy Benoist
bf3dc999e7
Add ability to edit a tagging rule 2016-10-01 16:52:05 +02:00
Jeremy Benoist
23634d5d84 Jump to Symfony 3.1 2016-06-22 17:59:35 +02:00
Renamed from src/Wallabag/CoreBundle/Tests/Controller/ConfigControllerTest.php