6ff00315d0
Fix search when search term has useless space
2023-08-21 13:16:14 +02:00
78b0b55c40
Merge pull request from GHSA-p8gp-899c-jvq9
...
Replace GET way to POST way to reset data user
2023-08-21 11:08:24 +02:00
383dcc5c45
Merge pull request #6119 from Spoons/feat_referer_to_session_redirect
...
Fix: Use Session instead of Referrer for Redirection
2023-08-21 10:32:03 +02:00
a9893d754f
Replace GET way to POST way to reset data user
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2023-08-09 21:39:03 +02:00
0ccbd653fa
Merge pull request #6812 from yguedidi/make-crawler-extract-get-an-array
...
Make Crawler::extract get an array
2023-08-09 11:03:03 +02:00
ec33ec14e5
Replace Client by KernelBrowser
2023-08-08 02:55:35 +01:00
093003d9af
Make Crawler::extract get an array
2023-08-07 22:51:18 +01:00
ced2ea4015
Merge branch 'master' into feat_referer_to_session_redirect
2023-08-06 20:14:44 +00:00
5fe5551972
Fix failing randomly test
2023-07-27 07:55:42 +02:00
c75d3e6961
Remove twofactor_auth parameter
...
Fix #6649
2023-07-15 16:18:01 +02:00
6639f7da6d
Fix export for same domain entries
2023-06-29 19:59:08 +02:00
28db6c22eb
Fix duplicate tags creation when assigning search results to tag
...
Fixes #6330
2023-06-17 15:19:59 +02:00
7eddea6ff7
Added test
2023-06-16 14:27:27 +02:00
e5b72f3123
Fix Stylelint errors
2023-06-12 18:15:38 +02:00
66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x'
2023-04-24 14:36:32 +02:00
f1b3d5cdd7
Fix CSRF on user deletion
2023-02-07 21:41:52 +01:00
b795622f06
Prepare 2.5.3
2023-02-01 09:51:02 +01:00
5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
...
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
3ed7f2b751
AnnotationController: fix improper authorization vulnerability
...
This PR is based on 2.5.x branch.
We fix the improper authorization by retrieving the annotation using id
and user id.
We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.
Fixes GHSA-mrqx-mjc4-vfh3
Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com >
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2023-01-27 23:34:14 +01:00
0fdd9aa991
ExportController: fix improper authorization vulnerability
...
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().
We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.
Fixes GHSA-qwx8-mxxx-mg96
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2023-01-20 15:09:38 +01:00
ea189503de
Fix tests
2023-01-16 10:21:37 +01:00
2f2cfa2c2a
Add prefix for tag slugs
...
This should be considered as a temporary fix, we may deprecate tag
slugs in the future.
Fixes #6048
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2023-01-11 23:20:13 +01:00
de5b138a59
Fix CS
2022-12-13 10:26:51 +01:00
fbccae8a79
fix: update remove tag test to accept root relative urls
2022-12-10 11:52:18 -06:00
dd2f2fe340
Fix pt_BR test
2022-11-29 18:01:46 -08:00
aa5c7f05b8
Upgrade to Symfony 4.4
...
- disable autowiring for Event (because the Entry entity was injected)
- rename `getClient()` for test to `getTestClient()` to avoid error while overriding (from `BrowserKitAssertionsTrait`)
2022-11-29 18:01:46 -08:00
b7dba18cb2
Cleanup
2022-11-23 15:51:33 +01:00
1d3935fbd3
Remove LiipThemeBundle
...
As baggy theme was removed and material is the only remaining theme, we don't need a theme switched anymore.
So:
- move all `*.twig` files from the material theme folder to the root
- remove useless translations
2022-11-23 14:52:06 +01:00
680da52ea8
Fixed tests
2022-11-03 09:55:24 +01:00
594c609a54
Fixed edit button for tagging rules
2022-11-03 09:55:24 +01:00
aedaa50887
Fixed tests
2022-11-03 09:55:24 +01:00
29308024ac
Removed old, not so maintained and buggy baggy theme
2022-11-03 09:55:20 +01:00
c372d68cc1
Merge remote-tracking branch 'origin/master' into 2.6.0
2022-10-18 11:11:02 +02:00
53574f05d5
Fix random failing tests
...
Looks like `20minutos.es` sometimes does not return the expected language.
Switching to `elpais.com` fix the problem.
2022-10-10 09:15:26 +02:00
98af2e25f2
Use ::class notation where possible
2022-09-01 20:54:56 +02:00
eb43c78720
Use FQCN instead of service alias
2022-09-01 09:07:19 +02:00
156158673f
Alias Config entity to ConfigEntity to not conflict with Craue Config
2022-09-01 09:07:18 +02:00
8b7b4975d6
Migrate getRepository with entities
2022-08-26 17:47:46 +02:00
844e8e9d22
Use FQCN as service name for helper services
2022-08-24 23:24:24 +02:00
131f21883d
Merge remote-tracking branch 'origin/master' into 2.6.0
2022-08-23 08:43:46 +02:00
cd4105bbe9
Fix tests
2022-08-22 19:57:57 +02:00
08eb190c95
Add support of mass action to tag entries
...
Closes #3118
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2022-06-29 15:48:41 +02:00
5291f7fb97
Fixed test
2022-06-16 15:18:10 +02:00
4feca1ccd5
Added tag deletion from tags list
...
Fixed #2952
2022-06-15 16:18:11 +02:00
37019b5ad5
Fix tests
2022-05-13 14:15:19 +02:00
4947ea6758
Merge remote-tracking branch 'origin/master' into 2.5.0
2022-05-13 13:50:50 +02:00
9f6414785c
Fix tests
2022-04-20 23:13:17 +02:00
5077c46e4e
Added action to tag search results
2022-04-20 22:57:25 +02:00
1608bf5a4e
Replace iconv() calls with Transliterator
...
See https://stackoverflow.com/a/35178027/954513
Closes #5377
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2022-03-21 22:12:11 +01:00
eb99cacf43
Merge pull request #5664 from Simounet/feat/home-entries-updated
2022-03-15 09:34:00 +01:00
