wallabag/tests/Wallabag
Kevin Decherf 0fdd9aa991 ExportController: fix improper authorization vulnerability
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
AnnotationBundle Fix CS issues 2020-12-08 09:17:10 +01:00
ApiBundle Add tests 2022-10-17 21:37:08 +02:00
CoreBundle ExportController: fix improper authorization vulnerability 2023-01-20 15:09:38 +01:00
ImportBundle Fix unrelated failing test 2022-10-17 21:49:03 +02:00
UserBundle Add build test on PHP 8.0 & 8.1 2022-01-31 12:59:39 +01:00