27f0d94db7
Protect tag_delete with a CSRF token
2025-03-30 06:18:32 +02:00
cf49be6940
Protect tag_this_search with a CSRF token
2025-03-30 06:18:32 +02:00
ddf2e80842
Protect remove_tag with a CSRF token
2025-03-30 06:18:32 +02:00
d1e128900a
Protect delete_share with a CSRF token
2025-03-30 06:18:32 +02:00
0d8429dfc7
Protect share with a CSRF token
2025-03-30 06:18:32 +02:00
eb8408b22f
Protect delete_entry with a CSRF token
2025-03-30 06:18:32 +02:00
00d0e6f951
Protect star_entry with a CSRF token
2025-03-30 06:18:32 +02:00
edffef8375
Protect archive_entry with a CSRF token
2025-03-30 06:18:32 +02:00
3817010e29
Protect reload_entry with a CSRF token
2025-03-30 06:18:32 +02:00
ed1acf59e1
Protect changeLocale with a CSRF token
2025-03-30 06:18:29 +02:00
e162408139
Protect switch_view_mode with a CSRF token
2025-03-23 19:13:21 +01:00
6fa61c0f9c
Protect delete_ignore_origin_rule with a CSRF token
2025-03-23 19:13:17 +01:00
264f91126e
Protect delete_tagging_rule with a CSRF token
2025-03-23 19:13:14 +01:00
ac5b5fb379
Protect revoke_token with a CSRF token
2025-03-23 19:13:09 +01:00
d703fa6a3a
Protect generate_token with a CSRF token
2025-03-23 19:13:06 +01:00
3dffcadc03
Fix entries counter for annotated entries in the menu
The query was badly made and returned all annotations for the current user instead of the total of entries with annotation(s).
2025-02-10 08:42:06 +01:00
82430b50c6
Fix redirection after action in search results
2024-11-21 13:36:20 +01:00
bd8ccf924f
Added Omnivore Import
2024-11-01 11:05:16 +01:00
898890c371
Fix tests
2024-07-15 13:11:18 +02:00
9bef459882
Make Redirect helper support only absolute path reference URLs
2023-12-28 21:48:48 +01:00
7ebc96f3b9
Remove session-based redirection
2023-12-28 21:42:26 +01:00
f4493f7472
Remove support for fallback in Redirect helper
2023-12-28 21:42:12 +01:00
fa107116cc
Prepare 2.6.7 release
2023-10-02 14:14:34 +02:00
aa06e8328e
ConfigController: remove 2fa cancel step
This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-steps validation
Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This needs rework
when possible.
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
5240684be9
ConfigController: move OTP endpoints to POST method only
Fixes GHSA-56fm-hfp3-x3w3
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
ffcc5c9062
Merge pull request from GHSA-gjvc-55fw-v6vq
Replace GET way to POST way to delete API client
2023-08-21 11:08:47 +02:00
78b0b55c40
Merge pull request from GHSA-p8gp-899c-jvq9
Replace GET way to POST way to reset data user
2023-08-21 11:08:24 +02:00
383dcc5c45
Merge pull request #6119 from Spoons/feat_referer_to_session_redirect
Fix: Use Session instead of Referrer for Redirection
2023-08-21 10:32:03 +02:00
c3d1f92278
Replace GET way to POST way to delete API client
2023-08-09 21:54:40 +02:00
a9893d754f
Replace GET way to POST way to reset data user
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-08-09 21:39:03 +02:00
0ccbd653fa
Merge pull request #6812 from yguedidi/make-crawler-extract-get-an-array
Make Crawler::extract get an array
2023-08-09 11:03:03 +02:00
815158fefa
Merge pull request #6813 from yguedidi/replace-client-by-kernelbrowser
Replace Client by KernelBrowser
2023-08-08 23:36:06 +02:00
807d473564
Merge pull request #6811 from yguedidi/replace-getresponseevent-by-requestevent
Replace GetResponseEvent by RequestEvent
2023-08-08 16:53:18 +02:00
ec33ec14e5
Replace Client by KernelBrowser
2023-08-08 02:55:35 +01:00
093003d9af
Make Crawler::extract get an array
2023-08-07 22:51:18 +01:00
58a0ca2622
Replace GetResponseEvent by RequestEvent
2023-08-07 22:34:47 +01:00
ced2ea4015
Merge branch 'master' into feat_referer_to_session_redirect
2023-08-06 20:14:44 +00:00
7d78e2ae06
Ensure the kernel is shut down before calling createClient
2023-08-06 13:48:53 +01:00
5fe5551972
Fix randomly failing test
2023-07-27 07:55:42 +02:00
c75d3e6961
Remove twofactor_auth parameter
Fix #6649
2023-07-15 16:18:01 +02:00
6639f7da6d
Fix export for same domain entries
2023-06-29 19:59:08 +02:00
28db6c22eb
Fix duplicate tags creation when assigning search results to tag
Fixes #6330
2023-06-17 15:19:59 +02:00
7eddea6ff7
Added test
2023-06-16 14:27:27 +02:00
19322142c3
Fixed testsuite
2023-06-16 14:27:26 +02:00
e5b72f3123
Fix Stylelint errors
2023-06-12 18:15:38 +02:00
bea10aacbe
Merge pull request #6562 from Simounet/fix/downloadimages-redirect-following
Fix DownloadImages not following redirections
2023-05-31 15:04:02 +02:00
548b610a17
Fix images downloading with numeric HTML entity
2023-05-30 13:38:50 +02:00
2f944aa74a
Fix DownloadImages not following redirections
2023-05-30 12:41:00 +02:00
66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x'
2023-04-24 14:36:32 +02:00
5a5148707c
Fix API allowed_registration
Two configuration options need to be enabled to allow user registration via the API:
1) fosuser_registration, which indicates whether registration is allowed at all (frontend and API)
2) api_user_registration, which indicates whether registration is allowed via the API
2023-03-28 20:12:55 +02:00