wallabag/src/Wallabag/AnnotationBundle
Kevin Decherf 3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
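The two points in the commit message (scope the lookup to the current user, and avoid a lookup-then-authorize sequence whose 404/403 split reveals which ids exist) can be shown side by side. The following is an added example, not wallabag's code: plain PHP 8, an in-memory repository standing in for Doctrine, and the names `findOneByIdAndUserId`, `deleteUnchecked`, `deleteWithDiscrepancy`, `deleteScoped` and the sample rows are all invented here to illustrate the pattern.

```php
<?php
// Added example (not wallabag's code): models the lookup strategies the commit
// message contrasts, using an in-memory repository instead of Doctrine.
declare(strict_types=1);

final class Annotation
{
    public function __construct(public int $id, public int $userId, public string $text) {}
}

final class AnnotationRepository
{
    /** @var array<int, Annotation> constructed sample data, keyed by id */
    private array $rows = [];

    public function __construct(array $rows)
    {
        foreach ($rows as $a) {
            $this->rows[$a->id] = $a;
        }
    }

    // What a ParamConverter does: resolve the route id by primary key only.
    public function find(int $id): ?Annotation
    {
        return $this->rows[$id] ?? null;
    }

    // Scoped lookup (hypothetical name): id AND owner in one query, so a
    // foreign annotation and a non-existent one look the same to the caller.
    public function findOneByIdAndUserId(int $id, int $userId): ?Annotation
    {
        $a = $this->rows[$id] ?? null;
        return ($a !== null && $a->userId === $userId) ? $a : null;
    }
}

// 1. Improper authorization: the id resolves, nobody checks who owns the row.
//    $currentUserId is accepted only to keep the three signatures identical.
function deleteUnchecked(AnnotationRepository $repo, int $id, int $currentUserId): int
{
    $a = $repo->find($id);
    if ($a === null) {
        return 404;
    }
    return 200; // any authenticated user can delete any annotation
}

// 2. Naive fix: keep the ParamConverter, bolt an ownership check on after it.
//    404 (no row) vs 403 (row owned by someone else) tells a probing user
//    which ids exist, i.e. the response discrepancy the commit avoids.
function deleteWithDiscrepancy(AnnotationRepository $repo, int $id, int $currentUserId): int
{
    $a = $repo->find($id);
    if ($a === null) {
        return 404;
    }
    if ($a->userId !== $currentUserId) {
        return 403;
    }
    return 200;
}

// 3. Shape of the described fix: one explicit repository call scoped to the
//    user and a single failure response, so there is no enumeration oracle.
function deleteScoped(AnnotationRepository $repo, int $id, int $currentUserId): int
{
    $a = $repo->findOneByIdAndUserId($id, $currentUserId);
    if ($a === null) {
        return 404;
    }
    return 200;
}

// Constructed data: user 10 owns id 1, user 20 owns id 2, id 3 does not exist.
$repo = new AnnotationRepository([
    new Annotation(1, 10, 'alice note'),
    new Annotation(2, 20, 'bob note'),
]);
$probingUser = 20;

foreach ([1, 2, 3] as $id) {
    printf(
        "id=%d unchecked=%d discrepancy=%d scoped=%d\n",
        $id,
        deleteUnchecked($repo, $id, $probingUser),
        deleteWithDiscrepancy($repo, $id, $probingUser),
        deleteScoped($repo, $id, $probingUser)
    );
}
```

Run with `php example.php`. For the foreign id (1) the unchecked version returns 200, the naive fix 403, and the scoped version 404, which is also what the scoped version returns for the absent id (3); only the caller's own annotation (2) yields 200 from the scoped version. Note that the same argument applies to `put`: a user-scoped lookup must be done before the update, not just before the delete.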
Name                         Last commit                                                       Date
Controller                   AnnotationController: fix improper authorization vulnerability    2023-01-27 23:34:14 +01:00
DataFixtures                 AnnotationController: fix improper authorization vulnerability    2023-01-27 23:34:14 +01:00
DependencyInjection          Rename CommentBundle with AnnotationBundle                        2016-02-26 18:14:42 +01:00
Entity                       Optional quote because the frontend does not use it               2019-11-27 14:38:35 +01:00
Form                         Optional quote because the frontend does not use it               2019-11-27 14:38:35 +01:00
Repository                   AnnotationController: fix improper authorization vulnerability    2023-01-27 23:34:14 +01:00
Resources/config             Rename CommentBundle with AnnotationBundle                        2016-02-26 18:14:42 +01:00
WallabagAnnotationBundle.php Rename CommentBundle with AnnotationBundle                        2016-02-26 18:14:42 +01:00