pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
7,282 Commits 12 Branches 98 Tags
812d6ac376a28634165dc9be343f47c9bb22bb83
Commit Graph

2450 Commits

Author SHA1 Message Date
Jérémy Benoist
268372dbbd Merge pull request #6289 from wallabag/2.5/fix-csrf-user-deletion 
Fix CSRF on user deletion
 2023-02-07 21:52:51 +01:00
Jérémy Benoist
4e023bddc3 Merge pull request #6288 from wallabag/2.5/xss-username-share-page 
Fix XSS on username on share page
 2023-02-07 21:43:04 +01:00
Jeremy Benoist
f1b3d5cdd7 Fix CSRF on user deletion 2023-02-07 21:41:52 +01:00
Jeremy Benoist
242e3feac9 Fix adding tag to entries from other people 
I've also limited tag length to 20 chars (and limit adding more than 5 tags at once)
 2023-02-07 21:25:57 +01:00
Jeremy Benoist
bd4c71682e Fix XSS on username on share page 2023-02-07 19:58:06 +01:00
Jeremy Benoist
b795622f06 Prepare 2.5.3 2023-02-01 09:51:02 +01:00
Jérémy Benoist
5ac6b6bff9 Merge pull request from GHSA-mrqx-mjc4-vfh3 
AnnotationController: fix improper authorization vulnerability
 2023-02-01 09:32:22 +01:00
Kevin Decherf
3ed7f2b751 AnnotationController: fix improper authorization vulnerability 
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-01-27 23:34:14 +01:00
Kevin Decherf
0fdd9aa991 ExportController: fix improper authorization vulnerability 
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-01-20 15:09:38 +01:00
SAKATA, Yusuke
08ce432cea Translated using Weblate (Japanese) 
Currently translated at 97.7% (565 of 578 strings)
 2022-10-20 02:07:40 +02:00
Jeremy Benoist
dc28d7ea0f Add support to download SVG locally 2022-10-18 11:14:45 +02:00
Yotam Nachum
f994ab8b5d Add domain_name to entries api endpoint 2022-10-16 18:36:41 +03:00
Andrea Brandi
6f750a3b66 Translated using Weblate (Italian) 
Currently translated at 82.3% (476 of 578 strings)
 2022-10-13 00:29:42 +02:00
JT Smith
6da76ffaae Typofixes 2022-10-03 18:31:43 -06:00
Jeremy Benoist
812b4a906f Add nbEntries to the API tags list response 
So client will be able to do the same as in the web UI.

Also remove empty `div` from the tags template.
 2022-09-23 15:16:38 +02:00
Cthulhux
b768371a13 Translated using Weblate (German) 
Currently translated at 100.0% (578 of 578 strings)
 2022-09-22 00:19:06 +02:00
Matthaiks
db25a7f5d8 Translated using Weblate (Polish) 
Currently translated at 100.0% (7 of 7 strings)
 2022-09-19 09:02:44 +02:00
Matthaiks
f1dde1ac80 Translated using Weblate (Polish) 
Currently translated at 100.0% (578 of 578 strings)
 2022-09-19 09:02:44 +02:00
MarkLee
cbe77537b1 Translated using Weblate (Chinese (Traditional)) 
Currently translated at 13.4% (78 of 578 strings)
 2022-08-26 04:20:12 +02:00
Azorimor
e81f8043b3 Translated using Weblate (German) 
Currently translated at 100.0% (7 of 7 strings)
 2022-08-22 20:21:11 +02:00
Xosé M
bc4e9aa908 Translated using Weblate (Galician) 
Currently translated at 100.0% (578 of 578 strings)
 2022-08-15 13:10:37 +02:00
Oğuz Ersen
c92622ff5e Translated using Weblate (Turkish) 
Currently translated at 100.0% (578 of 578 strings)
 2022-07-21 21:17:47 +02:00
Strubbl
821093c033 Translated using Weblate (German) 
Currently translated at 99.1% (573 of 578 strings)
 2022-06-15 10:00:18 +02:00
Gil
e50f2daf76 Translated using Weblate (Portuguese) 
Currently translated at 62.6% (362 of 578 strings)
 2022-06-13 06:02:08 +02:00
Milo Ivir
274d6d325c Translated using Weblate (Croatian) 
Currently translated at 100.0% (578 of 578 strings)
 2022-06-13 06:02:08 +02:00
Jérémy
14a1755445 Translated using Weblate (French) 
Currently translated at 100.0% (578 of 578 strings)
 2022-06-09 07:16:39 +02:00
Kevin Decherf
932a1cb422 Translated using Weblate (Hungarian) 
Currently translated at 54.8% (317 of 578 strings)
 2022-06-06 20:14:33 +02:00
Kevin Decherf
e934516b28 Translated using Weblate (Thai) 
Currently translated at 78.3% (453 of 578 strings)
 2022-06-06 20:14:33 +02:00
Kevin Decherf
6999f32020 Translated using Weblate (Portuguese) 
Currently translated at 62.4% (361 of 578 strings)
 2022-06-06 20:14:32 +02:00
Kevin Decherf
9a5821eb09 Translated using Weblate (Polish) 
Currently translated at 86.8% (502 of 578 strings)
 2022-06-06 20:14:32 +02:00
Kevin Decherf
67e1bb06b7 Translated using Weblate (Occitan) 
Currently translated at 82.8% (479 of 578 strings)
 2022-06-06 20:14:31 +02:00
Kevin Decherf
a56c5d07ba Translated using Weblate (Italian) 
Currently translated at 82.1% (475 of 578 strings)
 2022-06-06 20:14:30 +02:00
Kevin Decherf
338d8b25e2 Translated using Weblate (French) 
Currently translated at 98.7% (571 of 578 strings)
 2022-06-06 20:14:30 +02:00
Jérémy Benoist
031f5d27d8 Fix error about template not found 
Following bundle inheritance removal
 2022-05-30 13:40:26 +02:00
Reza Almanda
e0f234e568 Translated using Weblate (Indonesian) 
Currently translated at 1.3% (8 of 578 strings)
 2022-05-19 06:17:19 +02:00
Xosé M
4649745a6f Translated using Weblate (Galician) 
Currently translated at 100.0% (578 of 578 strings)
 2022-05-19 06:17:18 +02:00
Eric
c713d5bf60 Translated using Weblate (Chinese (Simplified)) 
Currently translated at 100.0% (578 of 578 strings)
 2022-05-16 06:16:42 +02:00
Kevin Decherf
5809d7b072 Merge pull request #5794 from wallabag/2.5.0 
Merge branch 2.5.0 in master
 2022-05-14 16:44:13 +02:00
Jeremy Benoist
4947ea6758 Merge remote-tracking branch 'origin/master' into 2.5.0 2022-05-13 13:50:50 +02:00
Jeremy Benoist
c87c91d3df Update message 2022-05-13 09:56:35 +02:00
Eric
9a045b87ab Translated using Weblate (Chinese (Simplified)) 
Currently translated at 100.0% (570 of 570 strings)
 2022-05-13 07:19:34 +02:00
Jérémy Benoist
ebfbdb4519 Merge pull request #5381 from wallabag/tag-search-results 2022-05-13 07:09:18 +02:00
Kevin Decherf
3818cfe15f Merge pull request #5673 from wallabag/api-config-endpoint 
Add new endpoint for API: config
 2022-05-13 00:50:32 +02:00
Xosé M
5ccfc98b47 Translated using Weblate (Galician) 
Currently translated at 100.0% (569 of 569 strings)
 2022-05-06 08:14:32 +02:00
Jérémy Benoist
e90a7c20e2 Merge pull request #5742 from wallabag/fix/deprecated-baggy-theme 2022-05-03 05:40:38 +02:00
Jérémy Benoist
dcddd4bdae Merge pull request #5744 from jonas-hagen/domainname-www 2022-04-24 08:11:43 +02:00
Yassine Guedidi
82fc828442 Remove bundle inheritance 2022-04-24 05:56:44 +02:00
Jonas Hagen
0396e15098 Use site with subdomain as tagging rule example 
Fixes wallabag/doc#104
This change affects all translations in documentation and wallabag source.
 2022-04-23 23:26:46 +02:00
Jeremy Benoist
9f6414785c Fix tests 2022-04-20 23:13:17 +02:00
Nicolas Lœuillet
5077c46e4e Added action to tag search results 2022-04-20 22:57:25 +02:00