Commit graph

437 commits

Author SHA1 Message Date
Jérémy Benoist
bea10aacbe
Merge pull request #6562 from Simounet/fix/downloadimages-redirect-following
Fix DownloadImages not following redirections
2023-05-31 15:04:02 +02:00
Simounet
548b610a17
Fix images downloading with numeric HTML entity 2023-05-30 13:38:50 +02:00
Simounet
2f944aa74a
Fix DownloadImages not following redirections 2023-05-30 12:41:00 +02:00
Jeremy Benoist
66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x' 2023-04-24 14:36:32 +02:00
Jeremy Benoist
a237414f9c
Skip test because of encoding issue in PHP 8.1 2023-03-24 22:57:11 +01:00
Jeremy Benoist
f1b3d5cdd7
Fix CSRF on user deletion 2023-02-07 21:41:52 +01:00
Jeremy Benoist
b795622f06
Prepare 2.5.3 2023-02-01 09:51:02 +01:00
Jérémy Benoist
5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
Kevin Decherf
3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Kevin Decherf
0fdd9aa991 ExportController: fix improper authorization vulnerability
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
Jeremy Benoist
ea189503de
Fix tests 2023-01-16 10:21:37 +01:00
Kevin Decherf
2f2cfa2c2a Add prefix for tag slugs
This should be considered as a temporary fix, we may deprecate tag
slugs in the future.

Fixes #6048

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-11 23:20:13 +01:00
Jeremy Benoist
6aca334d53
Move to controller as a service
Mostly using autowiring to inject deps.
The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case.

Usually:
- if a controller has a constructor, it means injected services are at least re-used once in actions
- otherwise, service are injected per action
2022-12-19 10:38:08 +01:00
Jeremy Benoist
b3099f68c5
Update all Doctrine deps
Also update these deps to be compatible with latest Doctrine version:
- `friendsofsymfony/oauth-server-bundle`
- `lexik/form-filter-bundle`
- `dama/doctrine-test-bundle`
2022-12-16 10:29:42 +01:00
Jeremy Benoist
d47c208743
Fix EventDispatcer & events
Looks like parameter for the `->dispatch(` have been flipped (event first then event name).
Define events should now extends `Symfony\Contracts\EventDispatcher\Event`
2022-12-15 21:47:31 +01:00
Jeremy Benoist
33267f0736
Update to FOSUserBundle 3.1
Also remove some deprecation from Symfony.
Use `LegacyEventDispatcherProxy` to handle Symfony 4 dispatch from FOSUser
2022-12-14 09:42:17 +01:00
Jeremy Benoist
de5b138a59
Fix CS 2022-12-13 10:26:51 +01:00
Michael
fbccae8a79 fix: update remove tag test to accept root relative urls 2022-12-10 11:52:18 -06:00
Jeremy Benoist
e79f5c7a21
Skip MySQL test 2022-11-29 18:01:46 -08:00
Jeremy Benoist
dd2f2fe340
Fix pt_BR test 2022-11-29 18:01:46 -08:00
Jeremy Benoist
aa5c7f05b8
Upgrade to Symfony 4.4
- disable autowiring for Event (because the Entry entity was injected)
- rename `getClient()` for test to `getTestClient()` to avoid error while overriding (from `BrowserKitAssertionsTrait`)
2022-11-29 18:01:46 -08:00
Jeremy Benoist
b7dba18cb2
Cleanup 2022-11-23 15:51:33 +01:00
Jeremy Benoist
1d3935fbd3
Remove LiipThemeBundle
As baggy theme was removed and material is the only remaining theme, we don't need a theme switched anymore.
So:
- move all `*.twig` files from the material theme folder to the root
- remove useless translations
2022-11-23 14:52:06 +01:00
Jeremy Benoist
8d3fcd4635
Merge remote-tracking branch 'origin/master' into 2.6.0 2022-11-03 10:30:17 +01:00
Nicolas Lœuillet
680da52ea8 Fixed tests 2022-11-03 09:55:24 +01:00
Nicolas Lœuillet
594c609a54 Fixed edit button for tagging rules 2022-11-03 09:55:24 +01:00
Nicolas Lœuillet
aedaa50887 Fixed tests 2022-11-03 09:55:24 +01:00
Nicolas Lœuillet
29308024ac Removed old, not so maintained and buggy baggy theme 2022-11-03 09:55:20 +01:00
Yassine Guedidi
e32794e9d6 Remove useless command input parameter 2022-10-18 15:19:07 +02:00
Yassine Guedidi
17497275b2 Use find for remaining useless addition 2022-10-18 15:19:07 +02:00
Yassine Guedidi
6915a92047 Remove useless command addition 2022-10-18 15:19:07 +02:00
Yassine Guedidi
8f20df6559 Remove InstallCommandMock 2022-10-18 15:19:07 +02:00
Jeremy Benoist
dc28d7ea0f
Add support to download SVG locally 2022-10-18 11:14:45 +02:00
Jeremy Benoist
c372d68cc1
Merge remote-tracking branch 'origin/master' into 2.6.0 2022-10-18 11:11:02 +02:00
Jeremy Benoist
53574f05d5
Fix random failing tests
Looks like `20minutos.es` sometimes does not return the expected language.
Switching to `elpais.com` fix the problem.
2022-10-10 09:15:26 +02:00
JT Smith
6da76ffaae Typofixes 2022-10-03 18:31:43 -06:00
Yassine Guedidi
98af2e25f2 Use ::class notation where possible 2022-09-01 20:54:56 +02:00
Yassine Guedidi
d1d56fbe25 Import used classes 2022-09-01 19:21:45 +02:00
Yassine Guedidi
eb43c78720 Use FQCN instead of service alias 2022-09-01 09:07:19 +02:00
Yassine Guedidi
156158673f Alias Config entity to ConfigEntity to not conflict with Craue Config 2022-09-01 09:07:18 +02:00
Yassine Guedidi
1c880883e2 Migrate ParamConverter class parameter 2022-08-26 17:47:46 +02:00
Yassine Guedidi
8b7b4975d6 Migrate getRepository with entities 2022-08-26 17:47:46 +02:00
Yassine Guedidi
a5f22ff835 Use FQCN as service name for Predis client 2022-08-24 23:24:25 +02:00
Yassine Guedidi
0f9c359476 Use FQCN as service name for repositories 2022-08-24 23:24:25 +02:00
Yassine Guedidi
844e8e9d22 Use FQCN as service name for helper services 2022-08-24 23:24:24 +02:00
Jeremy Benoist
131f21883d
Merge remote-tracking branch 'origin/master' into 2.6.0 2022-08-23 08:43:46 +02:00
Jérémy Benoist
2f1f6e9c51
Merge pull request #5838 from wallabag/feat/mass-action-tag
Add support of mass action to tag entries
2022-08-22 20:56:04 +02:00
Jeremy Benoist
cd4105bbe9
Fix tests 2022-08-22 19:57:57 +02:00
Yassine Guedidi
c15a3e5340 Fix DateTime case 2022-07-31 22:01:23 +01:00
Kevin Decherf
08eb190c95 Add support of mass action to tag entries
Closes #3118

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2022-06-29 15:48:41 +02:00
Nicolas Lœuillet
5291f7fb97 Fixed test 2022-06-16 15:18:10 +02:00
Nicolas Lœuillet
4feca1ccd5
Added tag deletion from tags list
Fixed #2952
2022-06-15 16:18:11 +02:00
Jeremy Benoist
37019b5ad5
Fix tests 2022-05-13 14:15:19 +02:00
Jeremy Benoist
4947ea6758
Merge remote-tracking branch 'origin/master' into 2.5.0 2022-05-13 13:50:50 +02:00
Jeremy Benoist
9f6414785c
Fix tests 2022-04-20 23:13:17 +02:00
Nicolas Lœuillet
5077c46e4e
Added action to tag search results 2022-04-20 22:57:25 +02:00
Kevin Decherf
8f2fefe233
Merge pull request #5680 from wallabag/impr/intl
Replace `iconv()` calls with Transliterator
2022-03-21 22:28:49 +01:00
Kevin Decherf
1608bf5a4e Replace iconv() calls with Transliterator
See https://stackoverflow.com/a/35178027/954513

Closes #5377

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2022-03-21 22:12:11 +01:00
Jeremy Benoist
0049ef390b
Add some basic test 2022-03-21 21:29:30 +01:00
Jérémy Benoist
eb99cacf43
Merge pull request #5664 from Simounet/feat/home-entries-updated 2022-03-15 09:34:00 +01:00
Adrien Gallou
29df8ed590
this change adds an option to sort the feed entires by updated_at
There is now an option to sort the feed entires by updated_at, on the
controler : a sort querystring argument that accepts either "created"
or "updated".
2022-03-14 22:58:45 +01:00
Simounet
85e91f9e67
CSS grid used for bloc mode entries and flex for card bloc 2022-03-14 22:09:07 +01:00
Jeremy Benoist
7ec0c9f844
Fix tests 2022-03-02 20:12:08 +01:00
Nicolas Lœuillet
cd975c5f13
Added annotated filter 2022-03-02 20:07:44 +01:00
Nicolas Lœuillet
6dfc031839
Enhanced tests and changed route 2022-03-02 20:07:43 +01:00
Nicolas Lœuillet
0aeaf0e8c2
Added tests 2022-03-02 20:07:17 +01:00
Jeremy Benoist
9a6146d2ef
Merge remote-tracking branch 'origin/master' into 2.5.0 2022-03-02 20:03:33 +01:00
Jeremy Benoist
10d071a4f2
Fix tests 2022-03-02 19:28:48 +01:00
Jeremy Benoist
5c4993832e
Fix tagging rule match when user a custom reading speed
By default, we assume the reading speed is 200 word per minute (WPM) when we save an entry.
User can change that value in the config and the rendering is properly performed with the user reading speed.
BUT, when the matching rule is applied, it uses the default reading time defined in the entry without applying the custom reading speed of the user.
This should fix that bug.

Also update the `wallabag:tag:all` to fix the bug when tagging all entries.
2022-03-02 19:12:33 +01:00
Jeremy Benoist
2b3ff84829
Avoid overlapping images when downloading them 2022-02-07 15:19:49 +01:00
Jeremy Benoist
3c507d676f
Add build test on PHP 8.0 & 8.1
Add `isTransactional` to `WallabagMigration` because PHP 8 behave differently with PDO transaction.
This is a workaround because we can't upgrade Doctrine Migration for now (upper versions have the fix).

- Build is now using Composer v2 (instead of v1)
- All actions have been updated to latest version
- Fix bug in PHP 8 were `$entry->getTags()` can't be properly used as a _traversable_ by `assertContains` during tests. Added a custom method `Entry::getTagsLabel()` which return a flatted tag array with only label
- Replace `assertNotRegExp` by `assertDoesNotMatchRegularExpression` because it was deprecated
2022-01-31 12:59:39 +01:00
Jeremy Benoist
283675ccd0
Rebuild assets and update webpack config
And optimize images (Thanks ImageOptim)
2022-01-05 16:09:43 +01:00
Jeremy Benoist
0afd91a160
Remove dead test
The URL seems to be down now.
Move to a more frequent deps update
2022-01-05 13:25:50 +01:00
Nicolas Lœuillet
c34fe9945a Fixed test 2021-08-03 08:36:56 +02:00
Nicolas Lœuillet
609193cf59 Fixed unavailable russian website in test 2021-08-03 07:56:14 +02:00
Simounet
6324d30db2
Fix PHPUnit deprecated warning 2021-04-14 13:07:46 +02:00
Kevin Decherf
7acd207054 Convert tag label to lowercase in RuleBasedTagger
Fixes #4266

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2021-03-06 19:46:24 +01:00
Nicolas Lœuillet
890c7d0bfa
Added button to show entries with the same domain 2021-02-08 09:45:38 +01:00
Jeremy Benoist
f061581bbd
Fix test 2021-02-08 09:38:01 +01:00
Jeremy Benoist
3137d9b1cc
Fix test 2021-02-08 09:05:57 +01:00
Kevin Decherf
8e89b3ad76 Preselect currently active section in the filter menu
Fixes #2533

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2021-01-24 02:16:43 +01:00
Jeremy Benoist
83f10796a7
Fix Russian language validation 2020-12-14 09:33:31 +01:00
Jeremy Benoist
f6ca547fc9
Fix tests 2020-12-10 10:30:34 +01:00
Jeremy Benoist
a173423820
Fix CS issues 2020-12-08 09:17:10 +01:00
Jeremy Benoist
732ec8a2eb
Fix deprecated method in tests 2020-06-15 14:21:35 +02:00
Jeremy Benoist
7332d1f4e5
Remove support for PHP < 7.2
Updating deps

  - Removing electrolinux/php-html5lib (0.1.0)
  - Updating doctrine/inflector (1.3.1 => 1.4.3)
  - Updating doctrine/lexer (1.0.2 => 1.2.1)
  - Installing symfony/polyfill-php80 (v1.17.0)
  - Updating symfony/service-contracts (v1.1.8 => v2.1.2)
  - Installing symfony/deprecation-contracts (v2.1.2)
  - Updating symfony/mime (v4.4.8 => v5.1.1)
  - Updating friendsofsymfony/rest-bundle (2.7.4 => 2.8.0)
  - Updating doctrine/instantiator (1.3.0 => 1.3.1)
  - Updating ocramius/proxy-manager (2.1.1 => 2.2.3)
  - Updating php-http/discovery (1.7.4 => 1.8.0)
  - Updating symfony/http-client-contracts (v1.1.8 => v2.1.2)
  - Updating symfony/http-client (v4.4.8 => v5.1.1)
  - Updating php-http/httplug-bundle (1.16.0 => 1.18.0)
  - Updating symfony/phpunit-bridge (v4.3.11 => v5.1.1)
  - Updating doctrine/data-fixtures (1.3.3 => 1.4.3)
  - Updating composer/xdebug-handler (1.4.1 => 1.4.2)
  - Updating masterminds/html5 (2.7.0 => 2.7.1)
  - Updating j0k3r/php-readability (1.2.4 => 1.2.5)
  - Updating phpoption/phpoption (1.7.3 => 1.7.4)
  - Updating nikic/php-parser (v4.4.0 => v4.5.0)
  - Installing thecodingmachine/safe (v1.1.1)
  - Updating spomky-labs/otphp (v9.1.4 => v10.0.1)
  - Updating pagerfanta/pagerfanta (v2.1.3 => v2.3.0)

Package white-october/pagerfanta-bundle is abandoned, you should avoid using it. Use babdev/pagerfanta-bundle instead.

  - Removing white-october/pagerfanta-bundle (v1.3.2)
  - Installing babdev/pagerfanta-bundle (v2.4.2)

Upgrading PHPStan to 0.12 and use extension installer

  - Removing phpstan/phpdoc-parser (0.3.5)
  - Removing nette/utils (v3.1.2)
  - Removing nette/schema (v1.0.2)
  - Removing nette/robot-loader (v3.2.3)
  - Removing nette/php-generator (v3.4.0)
  - Removing nette/neon (v3.1.2)
  - Removing nette/finder (v2.5.2)
  - Removing nette/di (v3.0.4)
  - Removing nette/bootstrap (v3.0.2)
  - Updating phpstan/phpstan (0.11.19 => 0.12.29)
  - Updating phpstan/phpstan-doctrine (0.11.6 => 0.12.16)
  - Updating phpstan/phpstan-phpunit (0.11.2 => 0.12.11)
  - Updating phpstan/phpstan-symfony (0.11.6 => 0.12.6)
  - Installing phpstan/extension-installer (1.0.4)

Upgrading jms/serializer-bundle to version 3 (and willdurand/hateoas-bundle to version 2)

  - Removing phpoption/phpoption (1.7.4)
  - Removing phpcollection/phpcollection (0.5.0)
  - Removing jms/parser-lib (1.0.0)
  - Updating jms/metadata (1.7.0 => 2.3.0)
  - Updating jms/serializer (1.14.1 => 3.7.0)
  - Updating jms/serializer-bundle (2.4.4 => 3.6.0)
  - Updating willdurand/hateoas (2.12.0 => 3.6.0)
  - Updating willdurand/hateoas-bundle (1.4.0 => 2.1.0)

Upgrading dama/doctrine-test-bundle to version 6

  - Updating dama/doctrine-test-bundle (v5.0.3 => v6.2.0)
2020-06-15 08:25:59 +02:00
Kevin Decherf
71f7e58fbd tests: add a NetworkCalls group for tests making network calls
Excluding this group can decrease the run time of tests during
development.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Kevin Decherf
7408a6cb68 Add controller, views and translations for ignore origin instance rules
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Kevin Decherf
b22eb27623 ContentProxy: replace ignoreUrl with new RuleBasedIgnoreOriginProcessor
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Kevin Decherf
f39c5a2a70 Add new Helper to process Ignore Origin rules and RulerZ operator
This commits adds a new helper like RuleBasedTagger for processing
ignore origin rules. It also adds a new custom RulerZ operator for the
'~' pattern matching rule.

Renames 'pattern' with '_all' in IgnoreOriginRule entity.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Kevin Decherf
24230a5130 Add new Ignore Origin rules tab, update ConfigController
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
Nicolas Lœuillet
467327771a
Added mass actions for Material design in list view 2020-04-24 09:12:57 +02:00
Nicolas Lœuillet
01f8a776a4
Fixed unit tests 2020-04-22 14:58:37 +02:00
Kevin Decherf
48f9a9632d TagController: support merging labels when renaming one with label of another
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-18 18:12:33 +02:00
Kevin Decherf
a19caf8a37 TagController: prevent tag deletion when renaming a tag with the same label
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-18 18:09:07 +02:00
Kevin Decherf
39133eb796 TagController: fix duplicated tags when renaming them
The fix relies on a workaround available on TagsAssigner, see the
AssignTagsToEntry() signature for detail.

I replaced the findOneByLabel in the corresponding test to assert that
there is no duplicate.

Fixes #4216

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-18 18:09:07 +02:00
Nicolas Lœuillet
4ff1efa418
Added a button to disable 2FA when enabled 2020-04-13 17:00:53 +02:00
Jeremy Benoist
3cd659fc34
Fix tests 2020-03-31 15:56:48 +02:00
Jérémy Benoist
11079d204d
Merge pull request #4272 from Simounet/feat/load-custom-css-only-if-exists
Load custom.css only if exists
2020-03-28 16:49:29 +01:00
Jérémy Benoist
26467fa6b4
Merge pull request #4299 from wallabag/fix/4133
Fix createdAt filter on material
2020-03-28 16:38:12 +01:00