66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x'
2023-04-24 14:36:32 +02:00
3ed7f2b751
AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.
We fix the improper authorization by retrieving the annotation using id
and user id.
We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.
Fixes GHSA-mrqx-mjc4-vfh3
Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
4f9c7a92a1
Update annotations to OpenApi 3
Most of the API annotations are directly converted. The changes in meaning are:
- Parameters "in body" are not supported anymore. These are changed to "in query" or to a request body (depending on the code).
2022-12-23 14:54:55 +01:00
27e788d0be
Re-create all API routes
2022-11-23 12:44:55 +01:00
470a8575c0
Update to nelmio/api-doc 3.0
Convert ApiDoc to Swagger
2022-11-16 16:10:33 +01:00
481283bbee
Migrate controller and action references
2022-08-26 17:47:46 +02:00
1c880883e2
Migrate ParamConverter class parameter
2022-08-26 17:47:46 +02:00
86c1751186
Optional quote because the frontend does not use it
2019-11-27 14:38:35 +01:00
8197f08266
API returns an error with empty quote
Fix #4137
2019-11-27 14:38:35 +01:00
8d4ed0df06
Update deps
Also CS (because cs-fixer got an update)
Package operations: 0 installs, 26 updates, 0 removals
- Updating twig/twig (v2.12.1 => v2.12.2)
- Updating symfony/symfony (v3.4.33 => v3.4.34)
- Updating doctrine/event-manager (v1.0.0 => 1.1.0)
- Updating doctrine/collections (v1.6.2 => 1.6.3)
- Updating doctrine/cache (v1.8.1 => 1.9.0)
- Updating doctrine/persistence (1.1.1 => 1.2.0)
- Updating doctrine/inflector (v1.3.0 => 1.3.1)
- Updating symfony/mime (v4.3.5 => v4.3.7)
- Updating swiftmailer/swiftmailer (v6.2.1 => v6.2.3)
- Updating symfony/swiftmailer-bundle (v3.3.0 => v3.3.1)
- Updating doctrine/dbal (v2.9.2 => v2.9.3)
- Updating doctrine/instantiator (1.2.0 => 1.3.0)
- Updating j0k3r/graby-site-config (1.0.93 => 1.0.94)
- Updating phpoption/phpoption (1.5.0 => 1.5.2)
- Updating symfony/http-client-contracts (v1.1.7 => v1.1.8)
- Updating symfony/http-client (v4.3.5 => v4.3.7)
- Updating sensiolabs/security-checker (v6.0.2 => v6.0.3)
- Updating paragonie/constant_time_encoding (v2.2.3 => v2.3.0)
- Updating scheb/two-factor-bundle (v4.7.1 => v4.8.0)
- Updating symfony/phpunit-bridge (v4.3.6 => v4.3.7)
- Updating composer/xdebug-handler (1.3.3 => 1.4.0)
- Updating friendsofphp/php-cs-fixer (v2.15.3 => v2.16.0)
- Updating doctrine/data-fixtures (v1.3.2 => 1.3.3)
- Updating nette/schema (v1.0.0 => v1.0.1)
- Updating nikic/php-parser (v4.2.4 => v4.3.0)
- Updating sentry/sentry (2.2.2 => 2.2.4)
2019-11-12 14:18:58 +01:00
f808b01692
Add a real configuration for CS-Fixer
2017-07-01 09:52:38 +02:00
864c1dd23a
Fix rest controller merge
2016-11-03 17:29:16 +01:00