Commit graph

2585 commits

Author SHA1 Message Date
Nicolas Lœuillet
74848a4794
Fix undefined variable 2023-06-26 17:41:55 +02:00
Nicolas Lœuillet
f511af6fda
Add confirmation alert when deleting articles from list view 2023-06-20 17:30:31 +02:00
Nicolas Lœuillet
708bb261d0
Update quickstart content 2023-06-19 13:59:34 +02:00
Nicolas Lœuillet
fedd6c9eda
Remove hardcoded string 2023-06-19 10:08:51 +02:00
Nicolas Lœuillet
28db6c22eb
Fix duplicate tags creation when assigning search results to tag
Fixes #6330
2023-06-17 15:19:59 +02:00
Simounet
619499d455
[Boyscout] Settings: Reduced width for the default mark as read container 2023-06-16 14:28:57 +02:00
Simounet
97a87235a1
Setting to show / hide articles thumbnails styling 2023-06-16 14:28:57 +02:00
Nicolas Lœuillet
7eddea6ff7
Added test 2023-06-16 14:27:27 +02:00
Nicolas Lœuillet
19322142c3
Fixed testsuite 2023-06-16 14:27:26 +02:00
Nicolas Lœuillet
46521e48e5
PHP CS fix 2023-06-16 14:27:26 +02:00
Nicolas Lœuillet
a94d7503c2
Added new setting to show / hide articles thumbnails 2023-06-16 14:27:15 +02:00
Nicolas Lœuillet
54b3977a3c Update main contributors 2023-06-16 11:40:33 +02:00
Simounet
78f66c72fc
Remove annotation text on entry without any 2023-06-15 23:17:30 +02:00
Simounet
18943d191f
[Boyscout] Useless title on tags removed 2023-06-15 23:14:02 +02:00
Simounet
5d1abde36d
Entry view tags styled udpated 2023-06-15 23:13:45 +02:00
Nicolas Lœuillet
ae975fdba0
Update translation key 2023-06-15 17:06:31 +02:00
Nicolas Lœuillet
439e906c44
Merge pull request #6619 from Simounet/fix/6618-mass-action-not-submitting
Fix #6618 mass action buttons not submitting anything
2023-06-15 15:00:42 +02:00
Simounet
09af754a33
Fix #6618 mass action buttons not submitting anything 2023-06-15 14:52:59 +02:00
Simounet
fcb880fbd1
Empty space on the top bar used for more add url toggle clickable target 2023-06-14 21:54:57 +02:00
Nicolas Lœuillet
96cf34f730 Added flash message when we try to add to much tags 2023-06-13 13:06:35 +02:00
Simounet
fe740f4a69
Fix RSS feed_route not set 2023-06-12 19:05:38 +02:00
Simounet
3c7457801f
index class added to body 2023-06-12 18:15:39 +02:00
Simounet
e5b72f3123
Fix Stylelint errors 2023-06-12 18:15:38 +02:00
Kevin Decherf
3e02a8aaf5
Merge pull request #6547 from Simounet/feat/mass-action-ui
Feat/mass action UI
2023-06-01 22:20:05 +02:00
Jérémy Benoist
bea10aacbe
Merge pull request #6562 from Simounet/fix/downloadimages-redirect-following
Fix DownloadImages not following redirections
2023-05-31 15:04:02 +02:00
Simounet
548b610a17
Fix images downloading with numeric HTML entity 2023-05-30 13:38:50 +02:00
Simounet
2f944aa74a
Fix DownloadImages not following redirections 2023-05-30 12:41:00 +02:00
Simounet
81f58df7b8
Mass action tag layout updated 2023-05-26 21:14:32 +02:00
Simounet
f9143c4255
[Boyscout] Elements in need of entries hidden if no entry available 2023-05-25 22:22:48 +02:00
Simounet
d0aad7b96d
Mass actions available on cards view
fixup! Mass action toggle button added
2023-05-25 22:04:44 +02:00
Simounet
384918cda9
Mass action toggle button added 2023-05-25 21:56:09 +02:00
Simounet
eae4d5a142
[Boyscout] Feed link HTML facto 2023-05-25 21:56:08 +02:00
Martin Trigaux
26a4030e87 [FIX] round reading time in export
Before this commit, the exported entry (pdf, epub,...) could look like:

Estimated reading time:
2.6666666666667 min

Now it will be:
Estimated reading time
3 min
2023-05-24 17:07:44 +02:00
Jeremy Benoist
4dd380b7dd
Fix test following 2.5 merge into master 2023-04-24 14:46:40 +02:00
Jeremy Benoist
66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x' 2023-04-24 14:36:32 +02:00
Casper Meijn
5a5148707c Fix API allowed_registration
Two configuration options need to be enabled to allow user registration via the API:
1) fosuser_registration, which indicates whether registration is allowed at all (frontend and API)
2) api_user_registration, which indicates whether registration is allowed via the API
2023-03-28 20:12:55 +02:00
Jérémy
1003e8f074
Deleted translation using Weblate (English (United States)) 2023-03-27 12:10:09 +02:00
Jérémy Benoist
268372dbbd
Merge pull request #6289 from wallabag/2.5/fix-csrf-user-deletion
Fix CSRF on user deletion
2023-02-07 21:52:51 +01:00
Jérémy Benoist
4e023bddc3
Merge pull request #6288 from wallabag/2.5/xss-username-share-page
Fix XSS on username on share page
2023-02-07 21:43:04 +01:00
Jeremy Benoist
f1b3d5cdd7
Fix CSRF on user deletion 2023-02-07 21:41:52 +01:00
Jeremy Benoist
242e3feac9
Fix adding tag to entries from other people
I've also limited tag length to 20 chars (and limit adding more than 5 tags at once)
2023-02-07 21:25:57 +01:00
Jeremy Benoist
bd4c71682e
Fix XSS on username on share page 2023-02-07 19:58:06 +01:00
Jeremy Benoist
b795622f06
Prepare 2.5.3 2023-02-01 09:51:02 +01:00
Jérémy Benoist
5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
Kevin Decherf
3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Wynton Franklin
baddc525bb fix for config links 2023-01-23 18:19:49 -04:00
Kevin Decherf
0fdd9aa991 ExportController: fix improper authorization vulnerability
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
Kevin Decherf
2f2cfa2c2a Add prefix for tag slugs
This should be considered as a temporary fix, we may deprecate tag
slugs in the future.

Fixes #6048

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-11 23:20:13 +01:00
Jérémy Benoist
7625e36b5a
Merge pull request #6182 from caspermeijn/openapi3
Update annotations to OpenApi 3
2023-01-02 10:39:56 +01:00
Casper Meijn
4f9c7a92a1 Update annotations to OpenApi 3
Most of the API annotations are directly converted. The changes in meaning are:
- Parameters "in body" is not supported anymore. These are changed to "in query" or to a request body (depending on the code).
2022-12-23 14:54:55 +01:00