pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
8,645 Commits 12 Branches 98 Tags
46d6e4d92376da1db2a5f9cf4f2941a15d9a895e
Commit Graph

2670 Commits

Author SHA1 Message Date
Nicolas Lœuillet
c1397f43ac Add Pocket CSV import 2025-06-03 13:24:27 +02:00
Nicolas Lœuillet
b1614e9267 Add Pocket and Shaarli imports 2025-05-24 16:25:48 +02:00
Jeremy Benoist
262f674245 Avoid non-validated OTP to be enabled 
The OTP code must be required when enabling OTP. If the provided code is wrong, disable OTP, redirect and notice the user.
 2025-04-14 09:18:37 +02:00
Yassine Guedidi
677b2986bc Use 400 Bad Request errors for invalid CSRF everywhere 2025-03-30 06:18:32 +02:00
Yassine Guedidi
5ea5115a72 Protect mass_action with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
27f0d94db7 Protect tag_delete with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
cf49be6940 Protect tag_this_search with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
ddf2e80842 Protect remove_tag with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
d1e128900a Protect delete_share with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
0d8429dfc7 Protect share with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
eb8408b22f Protect delete_entry with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
00d0e6f951 Protect star_entry with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
edffef8375 Protect archive_entry with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
3817010e29 Protect reload_entry with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
ed1acf59e1 Protect changeLocale with a CSRF token 2025-03-30 06:18:29 +02:00
Yassine Guedidi
e162408139 Protect switch_view_mode with a CSRF token 2025-03-23 19:13:21 +01:00
Yassine Guedidi
6fa61c0f9c Protect delete_ignore_origin_rule with a CSRF token 2025-03-23 19:13:17 +01:00
Yassine Guedidi
264f91126e Protect delete_tagging_rule with a CSRF token 2025-03-23 19:13:14 +01:00
Yassine Guedidi
ac5b5fb379 Protect revoke_token with a CSRF token 2025-03-23 19:13:09 +01:00
Yassine Guedidi
d703fa6a3a Protect generate_token with a CSRF token 2025-03-23 19:13:06 +01:00
Kevin Decherf
f71d8332e0 Merge pull request #7999 from wallabag/fix/menu-entry-with-annotations 
Fix entries counter for annotated entries in the menu
 2025-02-10 10:12:45 +01:00
Jeremy Benoist
3dffcadc03 Fix entries counter for annotated entries in the menu 
The query were badly made and return all annotations for the current user instead of the total of entries with annotation(s).
 2025-02-10 08:42:06 +01:00
Ethan Ruffing
c4857564f3 Change NB_ELEMENTS in pocket importer to 30 to comply with Pocket API restriction. 2025-02-07 18:51:37 +01:00
Nicolas Lœuillet
08b68d4d87 Display tag label instead of tag slug in page title 2024-11-22 13:49:08 +01:00
Nicolas Lœuillet
82430b50c6 Fix redirection after action in search results 2024-11-21 13:36:20 +01:00
Nicolas Lœuillet
bd8ccf924f Added Omnivore Import 2024-11-01 11:05:16 +01:00
Nicolas Lœuillet
7ddf5066ef Replaced gitter with matrix 2024-10-31 08:17:40 +01:00
Jeremy Benoist
09c2ddb79e Use a proper "how to" for elCurator 2024-03-05 15:46:40 +01:00
Yassine Guedidi
a4820b21ca Fix same domain pagination 2024-02-18 23:29:59 +01:00
Yassine Guedidi
9bef459882 Make Redirect helper supports only absolute path reference URLs 2023-12-28 21:48:48 +01:00
Yassine Guedidi
7ebc96f3b9 Remove session-based redirection 2023-12-28 21:42:26 +01:00
Yassine Guedidi
f4493f7472 Remove support for fallback in Redirect helper 2023-12-28 21:42:12 +01:00
Yassine Guedidi
ffec47bd88 Use Redirect helper in ConfigController::changeViewModeAction 2023-12-28 21:26:30 +01:00
Jeremy Benoist
fa107116cc Prepare 2.6.7 release 2023-10-02 14:14:34 +02:00
Kevin Decherf
aa06e8328e ConfigController: remove 2fa cancel step 
This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-steps validation

Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This need rework
when possible.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-09-30 00:49:58 +02:00
Kevin Decherf
5240684be9 ConfigController: move OTP endpoints to POST method only 
Fixes GHSA-56fm-hfp3-x3w3

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-09-30 00:49:58 +02:00
Simounet
6fab27f3ce Add tag form submit button always displayed 2023-09-29 15:35:33 +02:00
Nicolas Lœuillet
e4d69cafe4 Merge pull request #6991 from Simounet/feat/6971-mass-action-click-full-card 
Fix #6971 - Full clickable card on mass action
 2023-09-29 14:53:27 +02:00
Simounet
9bc026f343 Fix #6971 - Full clickable card on mass action 2023-09-27 19:25:16 +02:00
Simounet
a46fd5fc9f Fix deprecated null parameter passed to explode() 2023-09-26 18:02:46 +02:00
Jérémy Benoist
8ac80e934e Merge pull request #6912 from Simounet/feat/tag-mass-action-improved 
Mass action layout improved
 2023-09-04 13:25:05 +02:00
Simounet
4b04cd5746 Mass action tag layout updated 2023-09-04 12:00:16 +02:00
Simounet
137c8ab756 Count queries simplified 2023-09-01 11:53:44 +02:00
Simounet
2d7d16ee6c Tag mass action layout updated 2023-09-01 14:16:27 +02:00
Simounet
18615738c0 Title removed from footer's stats element 2023-08-31 12:34:36 +02:00
Simounet
452362c17a Untagged entries number removed from the filter's sidebar 2023-08-31 12:34:36 +02:00
Simounet
13b2752e8d Autocapitalize disabled for domain input filter 2023-08-28 09:54:51 +02:00
Simounet
634997c9b5 Good HTML type for HTTP status input filter 2023-08-28 09:54:45 +02:00
Nicolas Lœuillet
ca879c36de Prepare wallabag 2.6.3 2023-08-21 11:52:16 +02:00
Nicolas Lœuillet
ffcc5c9062 Merge pull request from GHSA-gjvc-55fw-v6vq 
Replace GET way to POST way to delete API client
 2023-08-21 11:08:47 +02:00