Commit Graph

541 Commits

Author SHA1 Message Date
b795622f06 Prepare 2.5.3 2023-02-01 09:51:02 +01:00
5ac6b6bff9 Merge pull request from GHSA-mrqx-mjc4-vfh3
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
0fdd9aa991 ExportController: fix improper authorization vulnerability
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
ea189503de Fix tests 2023-01-16 10:21:37 +01:00
dc28d7ea0f Add support to download SVG locally 2022-10-18 11:14:45 +02:00
d4b0b62bb5 Fix unrelated failing test
LExpansion is down ATM.
Use a website which isn't down randomly.
2022-10-17 21:49:03 +02:00
7b150dcd26 Add tests 2022-10-17 21:37:08 +02:00
53574f05d5 Fix random failing tests
Looks like `20minutos.es` sometimes does not return the expected language.
Switching to `elpais.com` fixes the problem.
2022-10-10 09:15:26 +02:00
6da76ffaae Typofixes 2022-10-03 18:31:43 -06:00
812b4a906f Add nbEntries to the API tags list response
So client will be able to do the same as in the web UI.

Also remove empty `div` from the tags template.
2022-09-23 15:16:38 +02:00
cd4105bbe9 Fix tests 2022-08-22 19:57:57 +02:00
37019b5ad5 Fix tests 2022-05-13 14:15:19 +02:00
4947ea6758 Merge remote-tracking branch 'origin/master' into 2.5.0 2022-05-13 13:50:50 +02:00
ebfbdb4519 Merge pull request #5381 from wallabag/tag-search-results 2022-05-13 07:09:18 +02:00
9f6414785c Fix tests 2022-04-20 23:13:17 +02:00
5077c46e4e Added action to tag search results 2022-04-20 22:57:25 +02:00
a885f5043a Update tests 2022-04-20 22:14:56 +02:00
33b1c252a7 fixed review 2022-04-20 22:12:49 +02:00
aaa03cc395 Added serialization group 2022-04-20 22:12:49 +02:00
bb12538fab Added new endpoint for API: config 2022-04-20 22:12:49 +02:00
8f2fefe233 Merge pull request #5680 from wallabag/impr/intl
Replace `iconv()` calls with Transliterator
2022-03-21 22:28:49 +01:00
1608bf5a4e Replace iconv() calls with Transliterator
See https://stackoverflow.com/a/35178027/954513

Closes #5377

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2022-03-21 22:12:11 +01:00
0049ef390b Add some basic test 2022-03-21 21:29:30 +01:00
3a918cf30e Fix test with usinenouvelle.com being flaky these times
Replace it with a more robust website 🤩
2022-03-21 20:43:29 +01:00
eb99cacf43 Merge pull request #5664 from Simounet/feat/home-entries-updated 2022-03-15 09:34:00 +01:00
29df8ed590 this change adds an option to sort the feed entries by updated_at
There is now an option to sort the feed entries by updated_at, on the
controller: a sort querystring argument that accepts either "created"
or "updated".
2022-03-14 22:58:45 +01:00
85e91f9e67 CSS grid used for bloc mode entries and flex for card bloc 2022-03-14 22:09:07 +01:00
7ec0c9f844 Fix tests 2022-03-02 20:12:08 +01:00
cd975c5f13 Added annotated filter 2022-03-02 20:07:44 +01:00
6dfc031839 Enhanced tests and changed route 2022-03-02 20:07:43 +01:00
0aeaf0e8c2 Added tests 2022-03-02 20:07:17 +01:00
9a6146d2ef Merge remote-tracking branch 'origin/master' into 2.5.0 2022-03-02 20:03:33 +01:00
10d071a4f2 Fix tests 2022-03-02 19:28:48 +01:00
5c4993832e Fix tagging rule match when user has a custom reading speed
By default, we assume the reading speed is 200 words per minute (WPM) when we save an entry.
User can change that value in the config and the rendering is properly performed with the user reading speed.
BUT, when the matching rule is applied, it uses the default reading time defined in the entry without applying the custom reading speed of the user.
This should fix that bug.

Also update the `wallabag:tag:all` to fix the bug when tagging all entries.
2022-03-02 19:12:33 +01:00
2b3ff84829 Avoid overlapping images when downloading them 2022-02-07 15:19:49 +01:00
3c507d676f Add build test on PHP 8.0 & 8.1
Add `isTransactional` to `WallabagMigration` because PHP 8 behaves differently with PDO transaction.
This is a workaround because we can't upgrade Doctrine Migration for now (upper versions have the fix).

- Build is now using Composer v2 (instead of v1)
- All actions have been updated to latest version
- Fix bug in PHP 8 where `$entry->getTags()` can't be properly used as a _traversable_ by `assertContains` during tests. Added a custom method `Entry::getTagsLabel()` which returns a flattened tag array with only label
- Replace `assertNotRegExp` by `assertDoesNotMatchRegularExpression` because it was deprecated
2022-01-31 12:59:39 +01:00
283675ccd0 Rebuild assets and update webpack config
And optimize images (Thanks ImageOptim)
2022-01-05 16:09:43 +01:00
0afd91a160 Remove dead test
The URL seems to be down now.
Move to a more frequent deps update
2022-01-05 13:25:50 +01:00
c34fe9945a Fixed test 2021-08-03 08:36:56 +02:00
609193cf59 Fixed unavailable russian website in test 2021-08-03 07:56:14 +02:00
6324d30db2 Fix PHPUnit deprecated warning 2021-04-14 13:07:46 +02:00
e491052b0d Fix 404 on real content test URL 2021-04-14 13:07:34 +02:00
7ca833bccb Fix tests 2021-03-18 11:44:57 +01:00
7acd207054 Convert tag label to lowercase in RuleBasedTagger
Fixes #4266

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2021-03-06 19:46:24 +01:00
38902a2f04 Fix test 2021-02-08 09:57:10 +01:00
a962a3ab13 CS 2021-02-08 09:56:25 +01:00
dd9d6a4c64 Add Delicious import
Since 2021, you can export again your data \o/

Also fix indentation in json fixtures files.
2021-02-08 09:47:56 +01:00
890c7d0bfa Added button to show entries with the same domain 2021-02-08 09:45:38 +01:00
f061581bbd Fix test 2021-02-08 09:38:01 +01:00