pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
8,417 Commits 12 Branches 98 Tags
remove-duplicate-errors
Commit Graph

8417 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jeremy Benoist
812d6ac376 Prepare 2.5.4 2023-02-07 22:03:20 +01:00
Jérémy Benoist
268372dbbd Merge pull request #6289 from wallabag/2.5/fix-csrf-user-deletion 
Fix CSRF on user deletion
 2023-02-07 21:52:51 +01:00
Jérémy Benoist
4e023bddc3 Merge pull request #6288 from wallabag/2.5/xss-username-share-page 
Fix XSS on username on share page
 2023-02-07 21:43:04 +01:00
Jérémy Benoist
acd285dcbb Merge pull request #6290 from wallabag/2.5/fix-add-tag-other-entries 
Fix adding tag to entries from other people
 2023-02-07 21:42:46 +01:00
Jeremy Benoist
f1b3d5cdd7 Fix CSRF on user deletion 2023-02-07 21:41:52 +01:00
Jeremy Benoist
242e3feac9 Fix adding tag to entries from other people 
I've also limited tag length to 20 chars (and limit adding more than 5 tags at once)
 2023-02-07 21:25:57 +01:00
Jeremy Benoist
bd4c71682e Fix XSS on username on share page 2023-02-07 19:58:06 +01:00
Jérémy Benoist
ebb39759ff Merge pull request #6286 from wallabag/dependabot/composer/phpstan/phpstan-symfony-1.2.23 2023-02-07 05:35:17 +01:00
dependabot[bot]
647d628853 Bump phpstan/phpstan-symfony from 1.2.22 to 1.2.23 
Bumps [phpstan/phpstan-symfony](https://github.com/phpstan/phpstan-symfony) from 1.2.22 to 1.2.23.
- [Release notes](https://github.com/phpstan/phpstan-symfony/releases)
- [Commits](https://github.com/phpstan/phpstan-symfony/compare/1.2.22...1.2.23)

---
updated-dependencies:
- dependency-name: phpstan/phpstan-symfony
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-07 03:03:29 +00:00
Jérémy Benoist
784bc1393c Merge pull request #6275 from wallabag/2.x/fix-release-script 
Fix release script
 2023-02-06 10:13:57 +01:00
Jérémy Benoist
b134c76ed7 Merge pull request #6278 from wallabag/dependabot/npm_and_yarn/eslint-webpack-plugin-4.0.0 2023-02-06 07:15:10 +01:00
dependabot[bot]
302ae4ec57 Bump eslint-webpack-plugin from 3.2.0 to 4.0.0 
Bumps [eslint-webpack-plugin](https://github.com/webpack-contrib/eslint-webpack-plugin) from 3.2.0 to 4.0.0.
- [Release notes](https://github.com/webpack-contrib/eslint-webpack-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/eslint-webpack-plugin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/eslint-webpack-plugin/compare/v3.2.0...v4.0.0)

---
updated-dependencies:
- dependency-name: eslint-webpack-plugin
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-06 06:06:27 +00:00
Jérémy Benoist
9bf6986e67 Merge pull request #6279 from wallabag/dependabot/composer/jms/serializer-3.22.0 2023-02-06 07:03:33 +01:00
Jérémy Benoist
30bea857f0 Merge pull request #6280 from wallabag/dependabot/npm_and_yarn/stylelint-webpack-plugin-4.0.0 2023-02-06 07:03:16 +01:00
Jérémy Benoist
363dd2ddbb Merge pull request #6282 from wallabag/dependabot/composer/doctrine/persistence-3.1.4 2023-02-06 07:02:56 +01:00
Jérémy Benoist
b945e04be8 Merge pull request #6283 from wallabag/dependabot/composer/jms/serializer-bundle-5.2.1 2023-02-06 07:02:36 +01:00
github-actions[bot]
add7d3d8b6 Merge pull request #6281 from wallabag/dependabot/npm_and_yarn/sass-1.58.0 
Bump sass from 1.57.1 to 1.58.0
 2023-02-06 03:10:57 +00:00
dependabot[bot]
c106ec7438 Bump jms/serializer-bundle from 5.2.0 to 5.2.1 
Bumps [jms/serializer-bundle](https://github.com/schmittjoh/JMSSerializerBundle) from 5.2.0 to 5.2.1.
- [Release notes](https://github.com/schmittjoh/JMSSerializerBundle/releases)
- [Changelog](https://github.com/schmittjoh/JMSSerializerBundle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/schmittjoh/JMSSerializerBundle/compare/5.2.0...5.2.1)

---
updated-dependencies:
- dependency-name: jms/serializer-bundle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-06 03:08:16 +00:00
dependabot[bot]
3ef570a474 Bump doctrine/persistence from 3.1.3 to 3.1.4 
Bumps [doctrine/persistence](https://github.com/doctrine/persistence) from 3.1.3 to 3.1.4.
- [Release notes](https://github.com/doctrine/persistence/releases)
- [Commits](https://github.com/doctrine/persistence/compare/3.1.3...3.1.4)

---
updated-dependencies:
- dependency-name: doctrine/persistence
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-06 03:06:39 +00:00
dependabot[bot]
22e0dfb8d6 Bump sass from 1.57.1 to 1.58.0 
Bumps [sass](https://github.com/sass/dart-sass) from 1.57.1 to 1.58.0.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.57.1...1.58.0)

---
updated-dependencies:
- dependency-name: sass
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-06 03:02:20 +00:00
dependabot[bot]
c4a72d7508 Bump stylelint-webpack-plugin from 3.3.0 to 4.0.0 
Bumps [stylelint-webpack-plugin](https://github.com/webpack-contrib/stylelint-webpack-plugin) from 3.3.0 to 4.0.0.
- [Release notes](https://github.com/webpack-contrib/stylelint-webpack-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/stylelint-webpack-plugin/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/stylelint-webpack-plugin/compare/v3.3.0...v4.0.0)

---
updated-dependencies:
- dependency-name: stylelint-webpack-plugin
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-06 03:01:46 +00:00
dependabot[bot]
e06f6735e3 Bump jms/serializer from 3.21.0 to 3.22.0 
Bumps [jms/serializer](https://github.com/schmittjoh/serializer) from 3.21.0 to 3.22.0.
- [Release notes](https://github.com/schmittjoh/serializer/releases)
- [Changelog](https://github.com/schmittjoh/serializer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/schmittjoh/serializer/compare/3.21.0...3.22.0)

---
updated-dependencies:
- dependency-name: jms/serializer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-06 03:01:30 +00:00
Jeremy Benoist
42b03d2834 Fix release script 
The release script cloned the master branch by default because we never have to clone something else from now.
The script will now clone the tag using the given VERSION parameter.
 2023-02-03 10:10:35 +01:00
github-actions[bot]
b32d6d448b Merge pull request #6272 from wallabag/dependabot/npm_and_yarn/http-cache-semantics-4.1.1 
Bump http-cache-semantics from 4.1.0 to 4.1.1
 2023-02-02 05:50:21 +00:00
dependabot[bot]
e6e171c8ee Bump http-cache-semantics from 4.1.0 to 4.1.1 
Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/kornelski/http-cache-semantics/releases)
- [Commits](https://github.com/kornelski/http-cache-semantics/commits)

---
updated-dependencies:
- dependency-name: http-cache-semantics
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-02 05:43:19 +00:00
Jérémy Benoist
cc68ed2b5d Merge pull request #6270 from wallabag/dependabot/composer/nelmio/api-doc-bundle-4.11.1 2023-02-02 06:43:13 +01:00
Jérémy Benoist
db6a85afb1 Merge pull request #6271 from wallabag/dependabot/composer/phpstan/phpstan-symfony-1.2.22 2023-02-02 06:42:48 +01:00
dependabot[bot]
862660ae1a Bump phpstan/phpstan-symfony from 1.2.21 to 1.2.22 
Bumps [phpstan/phpstan-symfony](https://github.com/phpstan/phpstan-symfony) from 1.2.21 to 1.2.22.
- [Release notes](https://github.com/phpstan/phpstan-symfony/releases)
- [Commits](https://github.com/phpstan/phpstan-symfony/compare/1.2.21...1.2.22)

---
updated-dependencies:
- dependency-name: phpstan/phpstan-symfony
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-02 03:03:09 +00:00
dependabot[bot]
29d384598d Bump nelmio/api-doc-bundle from 4.11.0 to 4.11.1 
Bumps [nelmio/api-doc-bundle](https://github.com/nelmio/NelmioApiDocBundle) from 4.11.0 to 4.11.1.
- [Release notes](https://github.com/nelmio/NelmioApiDocBundle/releases)
- [Changelog](https://github.com/nelmio/NelmioApiDocBundle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nelmio/NelmioApiDocBundle/compare/v4.11.0...v4.11.1)

---
updated-dependencies:
- dependency-name: nelmio/api-doc-bundle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-02 03:02:10 +00:00
Nicolas Lœuillet
0c313d396b Merge pull request #6268 from wallabag/dependabot/composer/symfony/symfony-4.4.50 
Bump symfony/symfony from 4.4.49 to 4.4.50
 2023-02-01 21:54:40 +01:00
dependabot[bot]
522db91841 Bump symfony/symfony from 4.4.49 to 4.4.50 
Bumps [symfony/symfony](https://github.com/symfony/symfony) from 4.4.49 to 4.4.50.
- [Release notes](https://github.com/symfony/symfony/releases)
- [Changelog](https://github.com/symfony/symfony/blob/v4.4.50/CHANGELOG-4.4.md)
- [Commits](https://github.com/symfony/symfony/compare/v4.4.49...v4.4.50)

---
updated-dependencies:
- dependency-name: symfony/symfony
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-01 20:46:46 +00:00
Jérémy Benoist
8954100779 Merge pull request #6267 from wallabag/release/2.5.3 
Prepare 2.5.3
2.5.3 		2023-02-01 10:15:18 +01:00
Jeremy Benoist
b795622f06 Prepare 2.5.3 2023-02-01 09:51:02 +01:00
Jérémy Benoist
5ac6b6bff9 Merge pull request from GHSA-mrqx-mjc4-vfh3 
AnnotationController: fix improper authorization vulnerability
 2023-02-01 09:32:22 +01:00
Jérémy Benoist
0f7460dbab Merge pull request from GHSA-qwx8-mxxx-mg96 
ExportController: fix improper authorization vulnerability
 2023-02-01 09:30:43 +01:00
Jérémy Benoist
315d710f93 Merge pull request #6266 from wallabag/dependabot/composer/phpstan/phpstan-symfony-1.2.21 2023-02-01 07:09:46 +01:00
dependabot[bot]
3c5cfae0d5 Bump phpstan/phpstan-symfony from 1.2.20 to 1.2.21 
Bumps [phpstan/phpstan-symfony](https://github.com/phpstan/phpstan-symfony) from 1.2.20 to 1.2.21.
- [Release notes](https://github.com/phpstan/phpstan-symfony/releases)
- [Commits](https://github.com/phpstan/phpstan-symfony/compare/1.2.20...1.2.21)

---
updated-dependencies:
- dependency-name: phpstan/phpstan-symfony
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-02-01 03:01:45 +00:00
Jérémy Benoist
849da17750 Merge pull request #6264 from weblate/weblate-wallabag-messages 2023-01-31 12:32:05 +01:00
Quentin PAGÈS
dc4687d75c Translated using Weblate (Occitan) 
Currently translated at 92.3% (533 of 577 strings)
 2023-01-31 11:50:16 +01:00
Jérémy Benoist
77a9c842fc Merge pull request #6262 from wallabag/dependabot/github_actions/dependabot/fetch-metadata-1.3.6 2023-01-30 04:55:55 +01:00
dependabot[bot]
8bd2bae841 Bump dependabot/fetch-metadata from 1.3.5 to 1.3.6 
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.3.5 to 1.3.6.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](https://github.com/dependabot/fetch-metadata/compare/v1.3.5...v1.3.6)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-30 03:07:21 +00:00
github-actions[bot]
a4f77189f0 Merge pull request #6261 from wallabag/dependabot/npm_and_yarn/eslint-8.33.0 
Bump eslint from 8.32.0 to 8.33.0
 2023-01-30 03:05:51 +00:00
dependabot[bot]
64381d9a62 Bump eslint from 8.32.0 to 8.33.0 
Bumps [eslint](https://github.com/eslint/eslint) from 8.32.0 to 8.33.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.32.0...v8.33.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-30 03:01:24 +00:00
Kevin Decherf
3ed7f2b751 AnnotationController: fix improper authorization vulnerability 
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-01-27 23:34:14 +01:00
Jérémy Benoist
172d8da64b Merge pull request #6258 from wallabag/dependabot/composer/nelmio/api-doc-bundle-4.11.0 2023-01-26 05:15:01 +01:00
dependabot[bot]
69b262bfcd Bump nelmio/api-doc-bundle from 4.10.2 to 4.11.0 
Bumps [nelmio/api-doc-bundle](https://github.com/nelmio/NelmioApiDocBundle) from 4.10.2 to 4.11.0.
- [Release notes](https://github.com/nelmio/NelmioApiDocBundle/releases)
- [Changelog](https://github.com/nelmio/NelmioApiDocBundle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nelmio/NelmioApiDocBundle/compare/v4.10.2...v4.11.0)

---
updated-dependencies:
- dependency-name: nelmio/api-doc-bundle
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-26 03:01:37 +00:00
Jérémy Benoist
7ab6df9b8a Merge pull request #6257 from wallabag/dependabot/composer/symfony/phpunit-bridge-6.2.5 2023-01-25 07:31:44 +01:00
dependabot[bot]
f5c67c7973 Bump symfony/phpunit-bridge from 6.2.3 to 6.2.5 
Bumps [symfony/phpunit-bridge](https://github.com/symfony/phpunit-bridge) from 6.2.3 to 6.2.5.
- [Release notes](https://github.com/symfony/phpunit-bridge/releases)
- [Changelog](https://github.com/symfony/phpunit-bridge/blob/6.2/CHANGELOG.md)
- [Commits](https://github.com/symfony/phpunit-bridge/compare/v6.2.3...v6.2.5)

---
updated-dependencies:
- dependency-name: symfony/phpunit-bridge
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-25 03:01:39 +00:00
Jérémy Benoist
2e8ffa51b2 Merge pull request #6256 from wyntonfranklin/config-link-fix 2023-01-24 06:48:05 +01:00
Wynton Franklin
baddc525bb fix for config links 2023-01-23 18:19:49 -04:00