mirrors/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-01-26 08:38:09 +00:00
Code Issues Projects Releases Wiki Activity
wallabag/tests/Wallabag/CoreBundle/Controller
History
Kevin Decherf 0fdd9aa991 ExportController: fix improper authorization vulnerability 
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
..
ConfigControllerTest.php Fix deprecated method in tests 2020-06-15 14:21:35 +02:00
EntryControllerTest.php Fix tests 2023-01-16 10:21:37 +01:00
ExportControllerTest.php ExportController: fix improper authorization vulnerability 2023-01-20 15:09:38 +01:00
FeedControllerTest.php this change adds an option to sort the feed entires by updated_at 2022-03-14 22:58:45 +01:00
IgnoreOriginInstanceRuleControllerTest.php Fix deprecated method in tests 2020-06-15 14:21:35 +02:00
SecurityControllerTest.php Fix deprecated method in tests 2020-06-15 14:21:35 +02:00
SettingsControllerTest.php Add a real configuration for CS-Fixer 2017-07-01 09:52:38 +02:00
SiteCredentialControllerTest.php Fix deprecated method in tests 2020-06-15 14:21:35 +02:00
StaticControllerTest.php Add a real configuration for CS-Fixer 2017-07-01 09:52:38 +02:00
TagControllerTest.php Fix tests 2022-04-20 23:13:17 +02:00