Kevin Decherf
3ed7f2b751
AnnotationController: fix improper authorization vulnerability
...
This PR is based on 2.5.x branch.
We fix the improper authorization by retrieving the annotation using id
and user id.
We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.
Fixes GHSA-mrqx-mjc4-vfh3
Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Jeremy Benoist
732ec8a2eb
Fix deprecated method in tests
2020-06-15 14:21:35 +02:00
Kevin Decherf
71f7e58fbd
tests: add a NetworkCalls group for tests making network calls
...
Excluding this group can decrease the run time of tests during
development.
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Kevin Decherf
24230a5130
Add new Ignore Origin rules tab, update ConfigController
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Nicolas Lœuillet
4ff1efa418
Added a button to disable 2FA when enabled
2020-04-13 17:00:53 +02:00
Nicolas Lœuillet
af7b22a3be
Fixed default value for reading speed
2019-09-19 14:23:06 +02:00
Jérémy Benoist
4f46330087
Merge pull request #4053 from wallabag/feature/manual-input-reading-speed
...
Add ability to manually define the reading speed
2019-07-09 11:53:20 +02:00
Jeremy Benoist
41022cb289
Add ability to manually define the reading speed
...
Instead of using a select, let the user decide its own speed.
2019-07-08 20:18:59 +02:00
Jeremy Benoist
34be2d5de4
Add ability to import/export tagging rules
...
- Add missing translations
- Add some tests
- Add `/api/taggingrule/export` API endpoint
- Add baggy theme
- Add error message when importing tagging rules failed
- Also fix all translations (I think we are good now)
2019-07-08 09:38:32 +02:00
Jeremy Benoist
c4bf12aade
Add ability to revoke feed token
2019-06-05 17:55:13 +02:00
Thomas Citharel
531c8d0a5c
Changed RSS to Atom feed and improve paging
2019-04-25 13:46:31 +02:00
Jeremy Benoist
a0c5eb003f
Change the way to enable 2FA
...
And add a step to validate a generated code from the OTP app
2019-01-23 13:28:24 +01:00
Jeremy Benoist
a6b242a1fd
Enable OTP 2FA
...
- Update SchebTwoFactorBundle to version 3
- Enable Google 2fa on the bundle
- Disallow ability to use both email and google as 2fa
- Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7)
- use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add`
- update admin to be able to create/reset the 2fa
2019-01-23 13:28:02 +01:00
Jeremy Benoist
1e0d8ad7b7
Enable PHPStan
...
- Fix error for level 0 & 1 (level 7 has 699 errors...)
- Add `updated_at` to site_credential (so the `timestamps()` method applies correctly)
2019-01-18 15:25:50 +01:00
Jeremy Benoist
4d4147b228
Ensure language is valid
...
- Do not override locale if user has choosen a locale from the login screen.
- Add some tests about locale url
2018-10-13 09:39:00 +02:00
Sébastien Viande
7975395d10
Entry: add archived_at property and updateArchived method
2018-09-21 10:33:33 +02:00
Jeremy Benoist
778543311f
Fix tests
2018-06-06 17:34:20 +02:00
Jeremy Benoist
f808b01692
Add a real configuration for CS-Fixer
2017-07-01 09:52:38 +02:00
adev
7ab5eb9508
Isolated tests
...
Use https://github.com/dmaicher/doctrine-test-bundle to have test isolation.
2017-05-31 16:03:54 +02:00
Nicolas Lœuillet
73f28afb19
Renamed countAllEntriesByUsername method
2017-03-31 10:46:47 +02:00
Thomas Citharel
6da1aebc94
Allow to remove all archived entries
...
Since we still support fucking SQLite, we need to retrieve all tags & annotations for archived entries before deleting them.
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-03-31 10:46:05 +02:00
Thomas Citharel
273b6f0658
Rename method from *username to *user
...
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-03-30 16:07:48 +02:00
Jeremy Benoist
5aa0294cca
Limit rule to 255
...
To avoid database error
2016-12-03 11:10:39 +01:00
Nicolas Lœuillet
56a7ce17f3
Hide article text on mobile with list mode
2016-11-28 14:27:58 +01:00
Nicolas Lœuillet
8f3ff39ca3
Added test for list view
2016-11-28 14:27:58 +01:00
Jeremy Benoist
5066c3e066
Re-use FOSUser master branch
2016-11-22 21:25:05 +01:00
Jeremy Benoist
68003139e1
Merge remote-tracking branch 'origin/master' into 2.2
...
# Conflicts:
# .editorconfig
# docs/de/index.rst
# docs/de/user/import.rst
# docs/en/index.rst
# docs/en/user/configuration.rst
# docs/en/user/import.rst
# docs/fr/index.rst
# docs/fr/user/import.rst
# src/Wallabag/CoreBundle/Command/InstallCommand.php
# src/Wallabag/CoreBundle/Resources/translations/messages.da.yml
# src/Wallabag/CoreBundle/Resources/translations/messages.de.yml
# src/Wallabag/CoreBundle/Resources/translations/messages.en.yml
# src/Wallabag/CoreBundle/Resources/translations/messages.es.yml
# src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml
# src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml
# src/Wallabag/CoreBundle/Resources/translations/messages.it.yml
# src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml
# src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml
# src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml
# src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml
# src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml
# src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
# web/bundles/wallabagcore/themes/baggy/css/style.min.css
# web/bundles/wallabagcore/themes/baggy/js/baggy.min.js
# web/bundles/wallabagcore/themes/material/css/style.min.css
# web/bundles/wallabagcore/themes/material/js/material.min.js
2016-11-19 15:30:49 +01:00
Nicolas Lœuillet
540a9bc4a2
Added help on config screen
2016-11-17 09:22:39 +01:00
Nicolas Lœuillet
a42f38d9fb
Added a configuration to define the redirection after archiving an entry
...
Fix #496
2016-11-16 23:07:34 +01:00
Jeremy Benoist
94060509b8
Use more explicit check
2016-11-07 08:36:52 +01:00
Jeremy Benoist
206bade58a
Add ability to reset some datas
...
- annotations
- tags
- entries
2016-10-22 13:13:06 +02:00
Jeremy Benoist
876d77a67d
Better display and description
...
Confirmation message isn’t required since it is written in the delete description
2016-10-08 20:25:42 +02:00
Jeremy Benoist
c3396c65ef
Fix some tests
2016-10-08 14:07:13 +02:00
Nicolas Lœuillet
b840268711
Added a test to check if entries are also deleted
2016-10-08 13:27:18 +02:00
Nicolas Lœuillet
71254701b7
Changed tests
2016-10-08 13:27:18 +02:00
Nicolas Lœuillet
821bb87685
Added tests
2016-10-08 13:27:18 +02:00
Jeremy Benoist
eb4142e0af
Remove NewUser test from Config
2016-10-02 11:09:28 +02:00
Jeremy Benoist
bf3dc999e7
Add ability to edit a tagging rule
2016-10-01 16:52:05 +02:00
Jeremy Benoist
23634d5d84
Jump to Symfony 3.1
2016-06-22 17:59:35 +02:00