Nicolas Lœuillet
74848a4794
Fix undefined variable
2023-06-26 17:41:55 +02:00
Nicolas Lœuillet
f511af6fda
Add confirmation alert when deleting articles from list view
2023-06-20 17:30:31 +02:00
Nicolas Lœuillet
708bb261d0
Update quickstart content
2023-06-19 13:59:34 +02:00
Nicolas Lœuillet
fedd6c9eda
Remove hardcoded string
2023-06-19 10:08:51 +02:00
Nicolas Lœuillet
28db6c22eb
Fix duplicate tags creation when assigning search results to tag
...
Fixes #6330
2023-06-17 15:19:59 +02:00
Simounet
619499d455
[Boyscout] Settings: Reduced width for the default mark as read container
2023-06-16 14:28:57 +02:00
Simounet
97a87235a1
Setting to show / hide articles thumbnails styling
2023-06-16 14:28:57 +02:00
Nicolas Lœuillet
7eddea6ff7
Added test
2023-06-16 14:27:27 +02:00
Nicolas Lœuillet
19322142c3
Fixed testsuite
2023-06-16 14:27:26 +02:00
Nicolas Lœuillet
46521e48e5
PHP CS fix
2023-06-16 14:27:26 +02:00
Nicolas Lœuillet
a94d7503c2
Added new setting to show / hide articles thumbnails
2023-06-16 14:27:15 +02:00
Nicolas Lœuillet
54b3977a3c
Update main contributors
2023-06-16 11:40:33 +02:00
Simounet
78f66c72fc
Remove annotation text on entry without any
2023-06-15 23:17:30 +02:00
Simounet
18943d191f
[Boyscout] Useless title on tags removed
2023-06-15 23:14:02 +02:00
Simounet
5d1abde36d
Entry view tags styled udpated
2023-06-15 23:13:45 +02:00
Nicolas Lœuillet
ae975fdba0
Update translation key
2023-06-15 17:06:31 +02:00
Nicolas Lœuillet
439e906c44
Merge pull request #6619 from Simounet/fix/6618-mass-action-not-submitting
...
Fix #6618 mass action buttons not submitting anything
2023-06-15 15:00:42 +02:00
Simounet
09af754a33
Fix #6618 mass action buttons not submitting anything
2023-06-15 14:52:59 +02:00
Simounet
fcb880fbd1
Empty space on the top bar used for more add url toggle clickable target
2023-06-14 21:54:57 +02:00
Nicolas Lœuillet
96cf34f730
Added flash message when we try to add to much tags
2023-06-13 13:06:35 +02:00
Simounet
fe740f4a69
Fix RSS feed_route not set
2023-06-12 19:05:38 +02:00
Simounet
3c7457801f
index class added to body
2023-06-12 18:15:39 +02:00
Simounet
e5b72f3123
Fix Stylelint errors
2023-06-12 18:15:38 +02:00
Kevin Decherf
3e02a8aaf5
Merge pull request #6547 from Simounet/feat/mass-action-ui
...
Feat/mass action UI
2023-06-01 22:20:05 +02:00
Jérémy Benoist
bea10aacbe
Merge pull request #6562 from Simounet/fix/downloadimages-redirect-following
...
Fix DownloadImages not following redirections
2023-05-31 15:04:02 +02:00
Simounet
548b610a17
Fix images downloading with numeric HTML entity
2023-05-30 13:38:50 +02:00
Simounet
2f944aa74a
Fix DownloadImages not following redirections
2023-05-30 12:41:00 +02:00
Simounet
81f58df7b8
Mass action tag layout updated
2023-05-26 21:14:32 +02:00
Simounet
f9143c4255
[Boyscout] Elements in need of entries hidden if no entry available
2023-05-25 22:22:48 +02:00
Simounet
d0aad7b96d
Mass actions available on cards view
...
fixup! Mass action toggle button added
2023-05-25 22:04:44 +02:00
Simounet
384918cda9
Mass action toggle button added
2023-05-25 21:56:09 +02:00
Simounet
eae4d5a142
[Boyscout] Feed link HTML facto
2023-05-25 21:56:08 +02:00
Martin Trigaux
26a4030e87
[FIX] round reading time in export
...
Before this commit, the exported entry (pdf, epub,...) could look like:
Estimated reading time:
2.6666666666667 min
Now it will be:
Estimated reading time
3 min
2023-05-24 17:07:44 +02:00
Jeremy Benoist
4dd380b7dd
Fix test following 2.5 merge into master
2023-04-24 14:46:40 +02:00
Jeremy Benoist
66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x'
2023-04-24 14:36:32 +02:00
Casper Meijn
5a5148707c
Fix API allowed_registration
...
Two configuration options need to be enabled to allow user registration via the API:
1) fosuser_registration, which indicates whether registration is allowed at all (frontend and API)
2) api_user_registration, which indicates whether registration is allowed via the API
2023-03-28 20:12:55 +02:00
Jérémy
1003e8f074
Deleted translation using Weblate (English (United States))
2023-03-27 12:10:09 +02:00
Jérémy Benoist
268372dbbd
Merge pull request #6289 from wallabag/2.5/fix-csrf-user-deletion
...
Fix CSRF on user deletion
2023-02-07 21:52:51 +01:00
Jérémy Benoist
4e023bddc3
Merge pull request #6288 from wallabag/2.5/xss-username-share-page
...
Fix XSS on username on share page
2023-02-07 21:43:04 +01:00
Jeremy Benoist
f1b3d5cdd7
Fix CSRF on user deletion
2023-02-07 21:41:52 +01:00
Jeremy Benoist
242e3feac9
Fix adding tag to entries from other people
...
I've also limited tag length to 20 chars (and limit adding more than 5 tags at once)
2023-02-07 21:25:57 +01:00
Jeremy Benoist
bd4c71682e
Fix XSS on username on share page
2023-02-07 19:58:06 +01:00
Jeremy Benoist
b795622f06
Prepare 2.5.3
2023-02-01 09:51:02 +01:00
Jérémy Benoist
5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
...
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
Kevin Decherf
3ed7f2b751
AnnotationController: fix improper authorization vulnerability
...
This PR is based on 2.5.x branch.
We fix the improper authorization by retrieving the annotation using id
and user id.
We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.
Fixes GHSA-mrqx-mjc4-vfh3
Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Wynton Franklin
baddc525bb
fix for config links
2023-01-23 18:19:49 -04:00
Kevin Decherf
0fdd9aa991
ExportController: fix improper authorization vulnerability
...
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().
We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.
Fixes GHSA-qwx8-mxxx-mg96
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
Kevin Decherf
2f2cfa2c2a
Add prefix for tag slugs
...
This should be considered as a temporary fix, we may deprecate tag
slugs in the future.
Fixes #6048
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-11 23:20:13 +01:00
Jérémy Benoist
7625e36b5a
Merge pull request #6182 from caspermeijn/openapi3
...
Update annotations to OpenApi 3
2023-01-02 10:39:56 +01:00
Casper Meijn
4f9c7a92a1
Update annotations to OpenApi 3
...
Most of the API annotations are directly converted. The changes in meaning are:
- Parameters "in body" is not supported anymore. These are changed to "in query" or to a request body (depending on the code).
2022-12-23 14:54:55 +01:00