pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
7,273 Commits 12 Branches 98 Tags
89541007793f03e93a97369db47b6967af1efc0b
Commit Graph

13 Commits

Author SHA1 Message Date
Kevin Decherf
3ed7f2b751 AnnotationController: fix improper authorization vulnerability 
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-01-27 23:34:14 +01:00
Jeremy Benoist
8d4ed0df06 Update deps 
Also CS (because cs-fixer got an update)

Package operations: 0 installs, 26 updates, 0 removals
  - Updating twig/twig (v2.12.1 => v2.12.2)
  - Updating symfony/symfony (v3.4.33 => v3.4.34)
  - Updating doctrine/event-manager (v1.0.0 => 1.1.0)
  - Updating doctrine/collections (v1.6.2 => 1.6.3)
  - Updating doctrine/cache (v1.8.1 => 1.9.0)
  - Updating doctrine/persistence (1.1.1 => 1.2.0)
  - Updating doctrine/inflector (v1.3.0 => 1.3.1)
  - Updating symfony/mime (v4.3.5 => v4.3.7)
  - Updating swiftmailer/swiftmailer (v6.2.1 => v6.2.3)
  - Updating symfony/swiftmailer-bundle (v3.3.0 => v3.3.1)
  - Updating doctrine/dbal (v2.9.2 => v2.9.3)
  - Updating doctrine/instantiator (1.2.0 => 1.3.0)
  - Updating j0k3r/graby-site-config (1.0.93 => 1.0.94)
  - Updating phpoption/phpoption (1.5.0 => 1.5.2)
  - Updating symfony/http-client-contracts (v1.1.7 => v1.1.8)
  - Updating symfony/http-client (v4.3.5 => v4.3.7)
  - Updating sensiolabs/security-checker (v6.0.2 => v6.0.3)
  - Updating paragonie/constant_time_encoding (v2.2.3 => v2.3.0)
  - Updating scheb/two-factor-bundle (v4.7.1 => v4.8.0)
  - Updating symfony/phpunit-bridge (v4.3.6 => v4.3.7)
  - Updating composer/xdebug-handler (1.3.3 => 1.4.0)
  - Updating friendsofphp/php-cs-fixer (v2.15.3 => v2.16.0)
  - Updating doctrine/data-fixtures (v1.3.2 => 1.3.3)
  - Updating nette/schema (v1.0.0 => v1.0.1)
  - Updating nikic/php-parser (v4.2.4 => v4.3.0)
  - Updating sentry/sentry (2.2.2 => 2.2.4)
 2019-11-12 14:18:58 +01:00
Kevin Decherf
2a1ceb67b4 php-cs-fixer 
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2018-09-05 14:25:32 +02:00
Jeremy Benoist
f40c88eb1f Jump to Symfony 3.3 & update others deps 
Also update tests urls
 2017-10-09 16:45:12 +02:00
Jeremy Benoist
f808b01692 Add a real configuration for CS-Fixer 2017-07-01 09:52:38 +02:00
adev
2c3e148b00 Displays an error with an annotation with a too long quote 
Fix #2762
 2017-06-04 11:38:29 +02:00
Thomas Citharel
0c271b9eb0 fix cs and phpdoc 2016-10-22 09:06:07 +02:00
Thomas Citharel
b1e92f8c14 cs 2016-10-22 09:06:07 +02:00
Thomas Citharel
1eea248bb0 move code 2016-10-22 09:06:07 +02:00
Thomas Citharel
c7935f32d2 cs 2016-10-22 09:06:07 +02:00
Thomas Citharel
351eb8d97e bring annotations to API 2016-10-22 09:06:07 +02:00
Jeremy Benoist
4094ea4771 Convert array + phpDoc 
Thanks for https://github.com/thomasbachem/php-short-array-syntax-converter
 2016-04-12 12:25:29 +02:00
Nicolas Lœuillet
4dc872238a Rename CommentBundle with AnnotationBundle 2016-02-26 18:14:42 +01:00