Commit Graph

59 Commits

Author SHA1 Message Date
4a5f769428 Merge remote-tracking branch 'origin/2.6' into port/2.6.7
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-10-25 22:09:21 +02:00
fa107116cc Prepare 2.6.7 release 2023-10-02 14:14:34 +02:00
aa06e8328e ConfigController: remove 2fa cancel step
This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-step validation

Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This needs rework
when possible.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
5240684be9 ConfigController: move OTP endpoints to POST method only
Fixes GHSA-56fm-hfp3-x3w3

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
b1752b619d Add display article configurator (font family, font size, line height and max width) 2023-08-22 13:02:50 +02:00
cbcfa69c05 Remove (useless) demo mode
Fix #6671
2023-08-21 13:16:56 +02:00
a9893d754f Replace GET way to POST way to reset data user
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-08-09 21:39:03 +02:00
7eddea6ff7 Added test 2023-06-16 14:27:27 +02:00
66b7bdd07c Merge remote-tracking branch 'origin/2.5.x' 2023-04-24 14:36:32 +02:00
f1b3d5cdd7 Fix CSRF on user deletion 2023-02-07 21:41:52 +01:00
3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
aa5c7f05b8 Upgrade to Symfony 4.4
- disable autowiring for Event (because the Entry entity was injected)
- rename `getClient()` for test to `getTestClient()` to avoid error while overriding (from `BrowserKitAssertionsTrait`)
2022-11-29 18:01:46 -08:00
b7dba18cb2 Cleanup 2022-11-23 15:51:33 +01:00
1d3935fbd3 Remove LiipThemeBundle
As baggy theme was removed and material is the only remaining theme, we don't need a theme switcher anymore.
So:
- move all `*.twig` files from the material theme folder to the root
- remove useless translations
2022-11-23 14:52:06 +01:00
680da52ea8 Fixed tests 2022-11-03 09:55:24 +01:00
594c609a54 Fixed edit button for tagging rules 2022-11-03 09:55:24 +01:00
aedaa50887 Fixed tests 2022-11-03 09:55:24 +01:00
29308024ac Removed old, not so maintained and buggy baggy theme 2022-11-03 09:55:20 +01:00
eb43c78720 Use FQCN instead of service alias 2022-09-01 09:07:19 +02:00
156158673f Alias Config entity to ConfigEntity to not conflict with Craue Config 2022-09-01 09:07:18 +02:00
8b7b4975d6 Migrate getRepository with entities 2022-08-26 17:47:46 +02:00
732ec8a2eb Fix deprecated method in tests 2020-06-15 14:21:35 +02:00
71f7e58fbd tests: add a NetworkCalls group for tests making network calls
Excluding this group can decrease the run time of tests during
development.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
24230a5130 Add new Ignore Origin rules tab, update ConfigController
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2020-04-25 15:59:23 +02:00
4ff1efa418 Added a button to disable 2FA when enabled 2020-04-13 17:00:53 +02:00
af7b22a3be Fixed default value for reading speed 2019-09-19 14:23:06 +02:00
4f46330087 Merge pull request #4053 from wallabag/feature/manual-input-reading-speed
Add ability to manually define the reading speed
2019-07-09 11:53:20 +02:00
41022cb289 Add ability to manually define the reading speed
Instead of using a select, let the user decide its own speed.
2019-07-08 20:18:59 +02:00
34be2d5de4 Add ability to import/export tagging rules
- Add missing translations
- Add some tests
- Add `/api/taggingrule/export` API endpoint
- Add baggy theme
- Add error message when importing tagging rules failed
- Also fix all translations (I think we are good now)
2019-07-08 09:38:32 +02:00
c4bf12aade Add ability to revoke feed token 2019-06-05 17:55:13 +02:00
531c8d0a5c Changed RSS to Atom feed and improve paging 2019-04-25 13:46:31 +02:00
a0c5eb003f Change the way to enable 2FA
And add a step to validate a generated code from the OTP app
2019-01-23 13:28:24 +01:00
a6b242a1fd Enable OTP 2FA
- Update SchebTwoFactorBundle to version 3
- Enable Google 2fa on the bundle
- Disallow ability to use both email and google as 2fa
- Update Ocramius Proxy Manager to handle typed function & attributes (from PHP 7)
- use `$this->addFlash` shortcut instead of `$this->get('session')->getFlashBag()->add`
- update admin to be able to create/reset the 2fa
2019-01-23 13:28:02 +01:00
1e0d8ad7b7 Enable PHPStan
- Fix error for level 0 & 1 (level 7 has 699 errors...)
- Add `updated_at` to site_credential (so the `timestamps()` method applies correctly)
2019-01-18 15:25:50 +01:00
4d4147b228 Ensure language is valid
- Do not override locale if user has chosen a locale from the login screen.
- Add some tests about locale url
2018-10-13 09:39:00 +02:00
7975395d10 Entry: add archived_at property and updateArchived method 2018-09-21 10:33:33 +02:00
778543311f Fix tests 2018-06-06 17:34:20 +02:00
f808b01692 Add a real configuration for CS-Fixer 2017-07-01 09:52:38 +02:00
7ab5eb9508 Isolated tests
Use https://github.com/dmaicher/doctrine-test-bundle to have test isolation.
2017-05-31 16:03:54 +02:00
73f28afb19 Renamed countAllEntriesByUsername method 2017-03-31 10:46:47 +02:00
6da1aebc94 Allow to remove all archived entries
Since we still support fucking SQLite, we need to retrieve all tags & annotations for archived entries before deleting them.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-03-31 10:46:05 +02:00
273b6f0658 Rename method from *username to *user
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-03-30 16:07:48 +02:00
5aa0294cca Limit rule to 255
To avoid database error
2016-12-03 11:10:39 +01:00
56a7ce17f3 Hide article text on mobile with list mode 2016-11-28 14:27:58 +01:00
8f3ff39ca3 Added test for list view 2016-11-28 14:27:58 +01:00
5066c3e066 Re-use FOSUser master branch 2016-11-22 21:25:05 +01:00
68003139e1 Merge remote-tracking branch 'origin/master' into 2.2
# Conflicts:
#	.editorconfig
#	docs/de/index.rst
#	docs/de/user/import.rst
#	docs/en/index.rst
#	docs/en/user/configuration.rst
#	docs/en/user/import.rst
#	docs/fr/index.rst
#	docs/fr/user/import.rst
#	src/Wallabag/CoreBundle/Command/InstallCommand.php
#	src/Wallabag/CoreBundle/Resources/translations/messages.da.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.de.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.en.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.es.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.fa.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.fr.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.it.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.oc.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.pl.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.pt.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.ro.yml
#	src/Wallabag/CoreBundle/Resources/translations/messages.tr.yml
#	src/Wallabag/CoreBundle/Resources/views/themes/baggy/Config/index.html.twig
#	web/bundles/wallabagcore/themes/baggy/css/style.min.css
#	web/bundles/wallabagcore/themes/baggy/js/baggy.min.js
#	web/bundles/wallabagcore/themes/material/css/style.min.css
#	web/bundles/wallabagcore/themes/material/js/material.min.js
2016-11-19 15:30:49 +01:00
540a9bc4a2 Added help on config screen 2016-11-17 09:22:39 +01:00
a42f38d9fb Added a configuration to define the redirection after archiving an entry
Fix #496
2016-11-16 23:07:34 +01:00
94060509b8 Use more explicit check 2016-11-07 08:36:52 +01:00