Commit Graph

2585 Commits

Author SHA1 Message Date
74848a4794 Fix undefined variable 2023-06-26 17:41:55 +02:00
f511af6fda Add confirmation alert when deleting articles from list view 2023-06-20 17:30:31 +02:00
708bb261d0 Update quickstart content 2023-06-19 13:59:34 +02:00
fedd6c9eda Remove hardcoded string 2023-06-19 10:08:51 +02:00
28db6c22eb Fix duplicate tags creation when assigning search results to tag
Fixes #6330
2023-06-17 15:19:59 +02:00
619499d455 [Boyscout] Settings: Reduced width for the default mark as read container 2023-06-16 14:28:57 +02:00
97a87235a1 Setting to show / hide articles thumbnails styling 2023-06-16 14:28:57 +02:00
7eddea6ff7 Added test 2023-06-16 14:27:27 +02:00
19322142c3 Fixed testsuite 2023-06-16 14:27:26 +02:00
46521e48e5 PHP CS fix 2023-06-16 14:27:26 +02:00
a94d7503c2 Added new setting to show / hide articles thumbnails 2023-06-16 14:27:15 +02:00
54b3977a3c Update main contributors 2023-06-16 11:40:33 +02:00
78f66c72fc Remove annotation text on entry without any 2023-06-15 23:17:30 +02:00
18943d191f [Boyscout] Useless title on tags removed 2023-06-15 23:14:02 +02:00
5d1abde36d Entry view tags styled updated 2023-06-15 23:13:45 +02:00
ae975fdba0 Update translation key 2023-06-15 17:06:31 +02:00
439e906c44 Merge pull request #6619 from Simounet/fix/6618-mass-action-not-submitting
Fix #6618 mass action buttons not submitting anything
2023-06-15 15:00:42 +02:00
09af754a33 Fix #6618 mass action buttons not submitting anything 2023-06-15 14:52:59 +02:00
fcb880fbd1 Empty space on the top bar used for more add url toggle clickable target 2023-06-14 21:54:57 +02:00
96cf34f730 Added flash message when we try to add too many tags 2023-06-13 13:06:35 +02:00
fe740f4a69 Fix RSS feed_route not set 2023-06-12 19:05:38 +02:00
3c7457801f index class added to body 2023-06-12 18:15:39 +02:00
e5b72f3123 Fix Stylelint errors 2023-06-12 18:15:38 +02:00
3e02a8aaf5 Merge pull request #6547 from Simounet/feat/mass-action-ui
Feat/mass action UI
2023-06-01 22:20:05 +02:00
bea10aacbe Merge pull request #6562 from Simounet/fix/downloadimages-redirect-following
Fix DownloadImages not following redirections
2023-05-31 15:04:02 +02:00
548b610a17 Fix images downloading with numeric HTML entity 2023-05-30 13:38:50 +02:00
2f944aa74a Fix DownloadImages not following redirections 2023-05-30 12:41:00 +02:00
81f58df7b8 Mass action tag layout updated 2023-05-26 21:14:32 +02:00
f9143c4255 [Boyscout] Elements in need of entries hidden if no entry available 2023-05-25 22:22:48 +02:00
d0aad7b96d Mass actions available on cards view
fixup! Mass action toggle button added
2023-05-25 22:04:44 +02:00
384918cda9 Mass action toggle button added 2023-05-25 21:56:09 +02:00
eae4d5a142 [Boyscout] Feed link HTML facto 2023-05-25 21:56:08 +02:00
26a4030e87 [FIX] round reading time in export
Before this commit, the exported entry (pdf, epub,...) could look like:

Estimated reading time:
2.6666666666667 min

Now it will be:
Estimated reading time
3 min
2023-05-24 17:07:44 +02:00
4dd380b7dd Fix test following 2.5 merge into master 2023-04-24 14:46:40 +02:00
66b7bdd07c Merge remote-tracking branch 'origin/2.5.x' 2023-04-24 14:36:32 +02:00
5a5148707c Fix API allowed_registration
Two configuration options need to be enabled to allow user registration via the API:
1) fosuser_registration, which indicates whether registration is allowed at all (frontend and API)
2) api_user_registration, which indicates whether registration is allowed via the API
2023-03-28 20:12:55 +02:00
1003e8f074 Deleted translation using Weblate (English (United States)) 2023-03-27 12:10:09 +02:00
268372dbbd Merge pull request #6289 from wallabag/2.5/fix-csrf-user-deletion
Fix CSRF on user deletion
2023-02-07 21:52:51 +01:00
4e023bddc3 Merge pull request #6288 from wallabag/2.5/xss-username-share-page
Fix XSS on username on share page
2023-02-07 21:43:04 +01:00
f1b3d5cdd7 Fix CSRF on user deletion 2023-02-07 21:41:52 +01:00
242e3feac9 Fix adding tag to entries from other people
I've also limited tag length to 20 chars (and limit adding more than 5 tags at once)
2023-02-07 21:25:57 +01:00
bd4c71682e Fix XSS on username on share page 2023-02-07 19:58:06 +01:00
b795622f06 Prepare 2.5.3 2023-02-01 09:51:02 +01:00
5ac6b6bff9 Merge pull request from GHSA-mrqx-mjc4-vfh3
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
baddc525bb fix for config links 2023-01-23 18:19:49 -04:00
0fdd9aa991 ExportController: fix improper authorization vulnerability
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
2f2cfa2c2a Add prefix for tag slugs
This should be considered as a temporary fix, we may deprecate tag
slugs in the future.

Fixes #6048

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-11 23:20:13 +01:00
7625e36b5a Merge pull request #6182 from caspermeijn/openapi3
Update annotations to OpenApi 3
2023-01-02 10:39:56 +01:00
4f9c7a92a1 Update annotations to OpenApi 3
Most of the API annotations are directly converted. The changes in meaning are:
- Parameters "in body" is not supported anymore. These are changed to "in query" or to a request body (depending on the code).
2022-12-23 14:54:55 +01:00