wallabag is a self hostable application for saving web pages: Save and classify articles. Read them later. Freely.
Find a file
Kevin Decherf 0fdd9aa991 ExportController: fix improper authorization vulnerability
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
.github Bump dependabot/fetch-metadata from 1.3.1 to 1.3.4 2022-10-10 02:16:51 +00:00
app Prepare 2.5.2 2022-10-20 16:00:16 +02:00
bin Cleanup 2018-11-28 22:04:54 +01:00
data/db Remove data sql files 2017-11-21 21:35:17 +01:00
docker docker: bump nodejs to 16 2022-06-08 23:13:37 +02:00
scripts Automatically create the package after a release 2022-06-09 11:30:14 +02:00
src ExportController: fix improper authorization vulnerability 2023-01-20 15:09:38 +01:00
tests/Wallabag ExportController: fix improper authorization vulnerability 2023-01-20 15:09:38 +01:00
var Composer 2.3 isn't compatible with wallabag 2022-04-01 16:09:59 +02:00
web Update deps before 2.5.3 2023-01-16 10:07:06 +01:00
.babelrc Upgrade to NodeJS 12 2020-08-25 12:28:12 +02:00
.composer-auth.json Replace token by a no scope one 2016-02-27 14:07:04 +01:00
.editorconfig Ditch Travis to use GitHub Actions 2020-11-27 14:14:44 +01:00
.eslintrc.json Update npm/yarn dependencies 2021-08-05 22:51:23 +02:00
.gitattributes Add .gitattributes, exclude tests from archive 2022-07-31 14:39:48 +03:00
.gitignore Exclude local phpunit.xml 2022-04-29 00:20:20 +02:00
.nvmrc Jump to Node 16 to build assets 2022-05-23 08:04:16 +02:00
.php_cs Update .php_cs 2020-11-25 08:46:45 +01:00
CHANGELOG.md Prepare 2.5.2 2022-10-20 16:00:16 +02:00
CODE_OF_CONDUCT.md Create code of conduct 2019-10-08 09:50:06 +02:00
composer.json Add support to download SVG locally 2022-10-18 11:14:45 +02:00
composer.lock Update deps before 2.5.3 2023-01-16 10:07:06 +01:00
COPYING.md Cleanup 2018-11-28 22:04:54 +01:00
CREDITS.md Update README 2022-04-04 10:10:55 +02:00
docker-compose.yml Update docker-compose and Dockerfile for dev env 2022-04-04 10:10:55 +02:00
GNUmakefile Disable XDebug in test make recipe 2022-05-03 06:39:37 +02:00
Makefile Makefile fixes for non GNU systems 2018-08-18 18:50:18 +10:00
package.json Update deps before 2.5.3 2023-01-16 10:07:06 +01:00
phpstan.neon Update phpunit dep for phpstan 2021-08-05 22:51:23 +02:00
phpunit.xml.dist Add build test on PHP 8.0 & 8.1 2022-01-31 12:59:39 +01:00
README.md Update README 2022-04-04 10:10:55 +02:00
RELEASE_PROCESS.md Automatically create the package after a release 2022-06-09 11:30:14 +02:00
SECURITY.md Create SECURITY.md 2021-08-31 10:50:12 +01:00
stylelint.config.js Rebuild assets 2022-01-05 20:43:36 +01:00
webpack.config.js Webpack upgraded from 4 to 5 + dependancies updated 2020-11-24 22:28:52 +01:00
yarn.lock Update deps before 2.5.3 2023-01-16 10:07:06 +01:00

wallabag

CI Scrutinizer Code Quality Gitter Donation Status Translation status License

wallabag is a web application allowing you to save web pages for later reading. Click, save and read it when you want. It extracts content so that you won't be distracted by pop-ups and cie.

You can install it on your own server, or you can create an account on wallabag.it.

wallabag

Documentation

The documentation is available at https://doc.wallabag.org.

You can contribute to it through its dedicated repository, available here: https://github.com/wallabag/doc.

Installation

Please read the documentation to see the wallabag requirements.

Then you can install wallabag by executing the following commands:

git clone https://github.com/wallabag/wallabag.git
cd wallabag && make install

Now, configure a virtual host to use your wallabag.

Other methods

Refer to the installation documentation for other installation methods.

Translation

This project uses Weblate for translation.

Feel free to help us translating wallabag.

Contributing

To learn more about developing wallabag, please refer to the contribution guide.

Content extraction relies on Graby, php-readability and ftr-site-config.

License

Copyright © 2013-current Nicolas Lœuillet nicolas@loeuillet.org

This work is free. You can redistribute it and/or modify it under the terms of the MIT License. See the COPYING.md file for more details.