Jeremy Benoist
4dd380b7dd
Fix test following 2.5 merge into master
2023-04-24 14:46:40 +02:00
Jeremy Benoist
66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x'
2023-04-24 14:36:32 +02:00
Kevin Decherf
3ed7f2b751
AnnotationController: fix improper authorization vulnerability
...
This PR is based on 2.5.x branch.
We fix the improper authorization by retrieving the annotation using id
and user id.
We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.
Fixes GHSA-mrqx-mjc4-vfh3
Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Jeremy Benoist
6aca334d53
Move to controller as a service
...
Mostly using autowiring to inject deps.
The only tricky part was for import because all producers use the same class and have a different alias. So we must write them down in the service definition; autowiring doesn't work in that case.
Usually:
- if a controller has a constructor, it means injected services are at least re-used once in actions
- otherwise, services are injected per action
2022-12-19 10:38:08 +01:00
Jeremy Benoist
33267f0736
Update to FOSUserBundle 3.1
...
Also remove some deprecations from Symfony.
Use `LegacyEventDispatcherProxy` to handle Symfony 4 dispatch from FOSUser
2022-12-14 09:42:17 +01:00
Jeremy Benoist
b7dba18cb2
Cleanup
2022-11-23 15:51:33 +01:00
Jeremy Benoist
27e788d0be
Re-create all API routes
2022-11-23 12:44:55 +01:00
Yassine Guedidi
eb43c78720
Use FQCN instead of service alias
2022-09-01 09:07:19 +02:00
Yassine Guedidi
1bee0eeb29
Make repositories use ServiceEntityRepository
2022-08-31 02:05:30 +02:00
Yassine Guedidi
481283bbee
Migrate controller and action references
2022-08-26 17:47:46 +02:00
Yassine Guedidi
1c880883e2
Migrate ParamConverter class parameter
2022-08-26 17:47:46 +02:00
Yassine Guedidi
8b7b4975d6
Migrate getRepository with entities
2022-08-26 17:47:46 +02:00
Yassine Guedidi
327fa7d527
Extend right FOSRestBundle controller class
2022-08-15 12:59:28 +02:00
Jeremy Benoist
7332d1f4e5
Remove support for PHP < 7.2
...
Updating deps
- Removing electrolinux/php-html5lib (0.1.0)
- Updating doctrine/inflector (1.3.1 => 1.4.3)
- Updating doctrine/lexer (1.0.2 => 1.2.1)
- Installing symfony/polyfill-php80 (v1.17.0)
- Updating symfony/service-contracts (v1.1.8 => v2.1.2)
- Installing symfony/deprecation-contracts (v2.1.2)
- Updating symfony/mime (v4.4.8 => v5.1.1)
- Updating friendsofsymfony/rest-bundle (2.7.4 => 2.8.0)
- Updating doctrine/instantiator (1.3.0 => 1.3.1)
- Updating ocramius/proxy-manager (2.1.1 => 2.2.3)
- Updating php-http/discovery (1.7.4 => 1.8.0)
- Updating symfony/http-client-contracts (v1.1.8 => v2.1.2)
- Updating symfony/http-client (v4.4.8 => v5.1.1)
- Updating php-http/httplug-bundle (1.16.0 => 1.18.0)
- Updating symfony/phpunit-bridge (v4.3.11 => v5.1.1)
- Updating doctrine/data-fixtures (1.3.3 => 1.4.3)
- Updating composer/xdebug-handler (1.4.1 => 1.4.2)
- Updating masterminds/html5 (2.7.0 => 2.7.1)
- Updating j0k3r/php-readability (1.2.4 => 1.2.5)
- Updating phpoption/phpoption (1.7.3 => 1.7.4)
- Updating nikic/php-parser (v4.4.0 => v4.5.0)
- Installing thecodingmachine/safe (v1.1.1)
- Updating spomky-labs/otphp (v9.1.4 => v10.0.1)
- Updating pagerfanta/pagerfanta (v2.1.3 => v2.3.0)
Package white-october/pagerfanta-bundle is abandoned, you should avoid using it. Use babdev/pagerfanta-bundle instead.
- Removing white-october/pagerfanta-bundle (v1.3.2)
- Installing babdev/pagerfanta-bundle (v2.4.2)
Upgrading PHPStan to 0.12 and use extension installer
- Removing phpstan/phpdoc-parser (0.3.5)
- Removing nette/utils (v3.1.2)
- Removing nette/schema (v1.0.2)
- Removing nette/robot-loader (v3.2.3)
- Removing nette/php-generator (v3.4.0)
- Removing nette/neon (v3.1.2)
- Removing nette/finder (v2.5.2)
- Removing nette/di (v3.0.4)
- Removing nette/bootstrap (v3.0.2)
- Updating phpstan/phpstan (0.11.19 => 0.12.29)
- Updating phpstan/phpstan-doctrine (0.11.6 => 0.12.16)
- Updating phpstan/phpstan-phpunit (0.11.2 => 0.12.11)
- Updating phpstan/phpstan-symfony (0.11.6 => 0.12.6)
- Installing phpstan/extension-installer (1.0.4)
Upgrading jms/serializer-bundle to version 3 (and willdurand/hateoas-bundle to version 2)
- Removing phpoption/phpoption (1.7.4)
- Removing phpcollection/phpcollection (0.5.0)
- Removing jms/parser-lib (1.0.0)
- Updating jms/metadata (1.7.0 => 2.3.0)
- Updating jms/serializer (1.14.1 => 3.7.0)
- Updating jms/serializer-bundle (2.4.4 => 3.6.0)
- Updating willdurand/hateoas (2.12.0 => 3.6.0)
- Updating willdurand/hateoas-bundle (1.4.0 => 2.1.0)
Upgrading dama/doctrine-test-bundle to version 6
- Updating dama/doctrine-test-bundle (v5.0.3 => v6.2.0)
2020-06-15 08:25:59 +02:00
adev
86c1751186
Optional quote because the frontend does not use it
2019-11-27 14:38:35 +01:00
adev
8197f08266
API returns an error with empty quote
...
Fix #4137
2019-11-27 14:38:35 +01:00
Jeremy Benoist
8d4ed0df06
Update deps
...
Also CS (because cs-fixer got an update)
Package operations: 0 installs, 26 updates, 0 removals
- Updating twig/twig (v2.12.1 => v2.12.2)
- Updating symfony/symfony (v3.4.33 => v3.4.34)
- Updating doctrine/event-manager (v1.0.0 => 1.1.0)
- Updating doctrine/collections (v1.6.2 => 1.6.3)
- Updating doctrine/cache (v1.8.1 => 1.9.0)
- Updating doctrine/persistence (1.1.1 => 1.2.0)
- Updating doctrine/inflector (v1.3.0 => 1.3.1)
- Updating symfony/mime (v4.3.5 => v4.3.7)
- Updating swiftmailer/swiftmailer (v6.2.1 => v6.2.3)
- Updating symfony/swiftmailer-bundle (v3.3.0 => v3.3.1)
- Updating doctrine/dbal (v2.9.2 => v2.9.3)
- Updating doctrine/instantiator (1.2.0 => 1.3.0)
- Updating j0k3r/graby-site-config (1.0.93 => 1.0.94)
- Updating phpoption/phpoption (1.5.0 => 1.5.2)
- Updating symfony/http-client-contracts (v1.1.7 => v1.1.8)
- Updating symfony/http-client (v4.3.5 => v4.3.7)
- Updating sensiolabs/security-checker (v6.0.2 => v6.0.3)
- Updating paragonie/constant_time_encoding (v2.2.3 => v2.3.0)
- Updating scheb/two-factor-bundle (v4.7.1 => v4.8.0)
- Updating symfony/phpunit-bridge (v4.3.6 => v4.3.7)
- Updating composer/xdebug-handler (1.3.3 => 1.4.0)
- Updating friendsofphp/php-cs-fixer (v2.15.3 => v2.16.0)
- Updating doctrine/data-fixtures (v1.3.2 => 1.3.3)
- Updating nette/schema (v1.0.0 => v1.0.1)
- Updating nikic/php-parser (v4.2.4 => v4.3.0)
- Updating sentry/sentry (2.2.2 => 2.2.4)
2019-11-12 14:18:58 +01:00
Jeremy Benoist
db9b6d8d0d
Update fixtures
2018-11-28 22:04:54 +01:00
Kevin Decherf
69b563948d
AnnotationRepository: rename getBuilderByUser
...
We rename getBuilderByUser to getSortedQueryBuilderByUser as long as the
method currently returns a QueryBuilder with an orderBy()
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2018-09-05 18:44:08 +02:00
Kevin Decherf
2a1ceb67b4
php-cs-fixer
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2018-09-05 14:25:32 +02:00
Jeremy Benoist
f40c88eb1f
Jump to Symfony 3.3 & update other deps
...
Also update tests urls
2017-10-09 16:45:12 +02:00
Nicolas Hart
52b84c11a5
Fix some namespaces and phpdoc
2017-07-29 22:51:50 +02:00
Jeremy Benoist
927c9e796f
Add EntityTimestampsTrait to handle dates
...
Refactor timestamps() method to avoid re-writing it on each entity
2017-07-06 09:01:51 +02:00
Jeremy Benoist
f808b01692
Add a real configuration for CS-Fixer
2017-07-01 09:52:38 +02:00
adev
2c3e148b00
Displays an error with an annotation with a too long quote
...
Fix #2762
2017-06-04 11:38:29 +02:00
Nicolas Lœuillet
13a592a128
Renamed methods
2017-03-31 17:03:08 +02:00
Nicolas Lœuillet
9102851f59
Added delete button on Baggy theme
2017-03-31 10:53:23 +02:00
Thomas Citharel
6da1aebc94
Allow to remove all archived entries
...
Since we still support fucking SQLite, we need to retrieve all tags & annotations for archived entries before deleting them.
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-03-31 10:46:05 +02:00
Jeremy Benoist
9313ea9d44
Merge pull request #2401 from wallabag/reset-account
...
Reset account
2016-10-24 11:57:51 +02:00
Jeremy Benoist
b0de88f75d
Use statements & update translation
2016-10-22 13:13:07 +02:00
Jeremy Benoist
8c61fd12b1
CS
2016-10-22 13:13:07 +02:00
Jeremy Benoist
191564b7f7
Add custom doctrine subscriber for SQLite
...
Since SQLite doesn’t handle cascade remove by default, we need to handle it manually.
Also some refacto
2016-10-22 13:13:07 +02:00
Jeremy Benoist
206bade58a
Add ability to reset some data
...
- annotations
- tags
- entries
2016-10-22 13:13:06 +02:00
Jeremy Benoist
aa4741091f
Add test on /api/annotations
...
Fix controller forward in WallabagRestController.
Update PHPDoc so it is sorted the same way as the other ones
Duplicate all annotations test to use both api & normal way
Also, make annotation tests independent of each other
2016-10-22 12:09:20 +02:00
Thomas Citharel
0c271b9eb0
fix cs and phpdoc
2016-10-22 09:06:07 +02:00
Thomas Citharel
b1e92f8c14
cs
2016-10-22 09:06:07 +02:00
Thomas Citharel
1eea248bb0
move code
2016-10-22 09:06:07 +02:00
Thomas Citharel
c7935f32d2
cs
2016-10-22 09:06:07 +02:00
Thomas Citharel
351eb8d97e
bring annotations to API
2016-10-22 09:06:07 +02:00
Jeremy Benoist
b0458874c8
Fix relations export for Entry
...
Tags & Annotations weren’t really well exported.
This is now fixed (+ tests)
2016-10-07 07:43:19 +02:00
Jeremy Benoist
23634d5d84
Jump to Symfony 3.1
2016-06-22 17:59:35 +02:00
Jeremy Benoist
4094ea4771
Convert array + phpDoc
...
Thanks for https://github.com/thomasbachem/php-short-array-syntax-converter
2016-04-12 12:25:29 +02:00
Jeremy Benoist
5d6f6f56a2
Some cleanup
...
- travis tabulation
- extra namespace definition in entities
2016-03-27 20:36:35 +02:00
Jeremy Benoist
b95ffda2a1
Fix hazardous bug with Postgres
...
Instead of retrieving a random annotation, sort them to be sure they are all the same no matter the database used
2016-03-12 10:45:14 +01:00
Jeremy Benoist
09d8bb6fa2
Improve tests
...
- add more tests for coverage
- add a test on annotation deletion
- fix post annotation with ranges
2016-03-11 17:59:42 +01:00
Nicolas Lœuillet
4dc872238a
Rename CommentBundle with AnnotationBundle
2016-02-26 18:14:42 +01:00