pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
8,999 Commits 12 Branches 98 Tags
c5d42d8a2f27796ec4ff3485e2daab744cd7aa4c
Commit Graph

427 Commits

Author SHA1 Message Date
Yassine Guedidi
16c239aa78 Merge branch '2.6' into merge-2.6-in-master 2024-01-03 11:08:10 +01:00
Yassine Guedidi
9bef459882 Make Redirect helper supports only absolute path reference URLs 2023-12-28 21:48:48 +01:00
Yassine Guedidi
7ebc96f3b9 Remove session-based redirection 2023-12-28 21:42:26 +01:00
Yassine Guedidi
f4493f7472 Remove support for fallback in Redirect helper 2023-12-28 21:42:12 +01:00
Yassine Guedidi
babe87c33b Fix createClient() depreciation 2023-12-25 10:39:25 +01:00
Kevin Decherf
4a5f769428 Merge remote-tracking branch 'origin/2.6' into port/2.6.7 
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-10-25 22:09:21 +02:00
Jeremy Benoist
fa107116cc Prepare 2.6.7 release 2023-10-02 14:14:34 +02:00
Kevin Decherf
aa06e8328e ConfigController: remove 2fa cancel step 
This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-steps validation

Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This need rework
when possible.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-09-30 00:49:58 +02:00
Kevin Decherf
5240684be9 ConfigController: move OTP endpoints to POST method only 
Fixes GHSA-56fm-hfp3-x3w3

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-09-30 00:49:58 +02:00
Jeremy Benoist
c6ff0bc691 Remove remaining MOBI stuff 2023-08-23 08:49:56 +02:00
Nicolas Lœuillet
b1752b619d Add display article configurator (font family, font size, line height and max width) 2023-08-22 13:02:50 +02:00
Yassine Guedidi
8ef6a14652 Resolve self depreciation 2023-08-22 01:43:00 +02:00
Nicolas Lœuillet
981d6a47da Merge pull request #6793 from wallabag/fix-4414 
Fix search when search term has useless space
 2023-08-21 20:19:16 +02:00
Nicolas Lœuillet
4b338afa40 Merge pull request #6771 from wallabag/add-annotations-in-search 
Add articles which have annotations with search term in results
 2023-08-21 20:19:00 +02:00
Nicolas Lœuillet
1c2190fd68 Merge pull request #6769 from wallabag/add-not-parsed-boolean 
Add `isNotParsed` field on Entry entity
 2023-08-21 20:18:44 +02:00
Nicolas Lœuillet
407dd48ed0 Merge pull request #6767 from wallabag/remove-demo 
Remove (useless) demo mode
 2023-08-21 20:18:18 +02:00
Nicolas Lœuillet
397ad455e6 Merge pull request #6655 from wallabag/add-command-to-update-picture-url 
Add command to clean pictures path when changing instance URL
 2023-08-21 20:17:40 +02:00
Nicolas Lœuillet
88c9df9b80 Add command to clean pictures path when changing instance URL 2023-08-21 13:17:13 +02:00
Nicolas Lœuillet
cbcfa69c05 Remove (useless) demo mode 
Fix #6671
 2023-08-21 13:16:56 +02:00
Nicolas Lœuillet
20578f0b8e Add isNotParsed field on Entry entity 
Fix #4350
 2023-08-21 13:16:42 +02:00
Nicolas Lœuillet
18e1106f76 Add articles which have annotations with search term in results 
Fix #3635
 2023-08-21 13:16:36 +02:00
Nicolas Lœuillet
6ff00315d0 Fix search when search term has useless space 2023-08-21 13:16:14 +02:00
Yassine Guedidi
0f17a8cf8a PHPStan level 3 2023-08-21 12:03:38 +02:00
Nicolas Lœuillet
78b0b55c40 Merge pull request from GHSA-p8gp-899c-jvq9 
Replace GET way to POST way to reset data user
 2023-08-21 11:08:24 +02:00
Nicolas Lœuillet
383dcc5c45 Merge pull request #6119 from Spoons/feat_referer_to_session_redirect 
Fix: Use Session instead of Referrer for Redirection
 2023-08-21 10:32:03 +02:00
Nicolas Lœuillet
a9893d754f Replace GET way to POST way to reset data user 
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-08-09 21:39:03 +02:00
Kevin Decherf
0ccbd653fa Merge pull request #6812 from yguedidi/make-crawler-extract-get-an-array 
Make Crawler::extract get an array
 2023-08-09 11:03:03 +02:00
Kevin Decherf
815158fefa Merge pull request #6813 from yguedidi/replace-client-by-kernelbrowser 
Replace Client by KernelBrowser
 2023-08-08 23:36:06 +02:00
Kevin Decherf
807d473564 Merge pull request #6811 from yguedidi/replace-getresponseevent-by-requestevent 
Replace GetResponseEvent by RequestEvent
 2023-08-08 16:53:18 +02:00
Yassine Guedidi
ec33ec14e5 Replace Client by KernelBrowser 2023-08-08 02:55:35 +01:00
Yassine Guedidi
093003d9af Make Crawler::extract get an array 2023-08-07 22:51:18 +01:00
Yassine Guedidi
58a0ca2622 Replace GetResponseEvent by RequestEvent 2023-08-07 22:34:47 +01:00
Michael Ciociola
ced2ea4015 Merge branch 'master' into feat_referer_to_session_redirect 2023-08-06 20:14:44 +00:00
Yassine Guedidi
7d78e2ae06 Ensure the kernel is shut down before calling createClient 2023-08-06 13:48:53 +01:00
Nicolas Lœuillet
5fe5551972 Fix failing randomly test 2023-07-27 07:55:42 +02:00
Nicolas Lœuillet
c75d3e6961 Remove twofactor_auth parameter 
Fix #6649
 2023-07-15 16:18:01 +02:00
Nicolas Lœuillet
6639f7da6d Fix export for same domain entries 2023-06-29 19:59:08 +02:00
Nicolas Lœuillet
28db6c22eb Fix duplicate tags creation when assigning search results to tag 
Fixes #6330
 2023-06-17 15:19:59 +02:00
Nicolas Lœuillet
7eddea6ff7 Added test 2023-06-16 14:27:27 +02:00
Simounet
e5b72f3123 Fix Stylelint errors 2023-06-12 18:15:38 +02:00
Jérémy Benoist
bea10aacbe Merge pull request #6562 from Simounet/fix/downloadimages-redirect-following 
Fix DownloadImages not following redirections
 2023-05-31 15:04:02 +02:00
Simounet
548b610a17 Fix images downloading with numeric HTML entity 2023-05-30 13:38:50 +02:00
Simounet
2f944aa74a Fix DownloadImages not following redirections 2023-05-30 12:41:00 +02:00
Jeremy Benoist
66b7bdd07c Merge remote-tracking branch 'origin/2.5.x' 2023-04-24 14:36:32 +02:00
Jeremy Benoist
a237414f9c Skip test because of encoding issue in PHP 8.1 2023-03-24 22:57:11 +01:00
Jeremy Benoist
f1b3d5cdd7 Fix CSRF on user deletion 2023-02-07 21:41:52 +01:00
Jeremy Benoist
b795622f06 Prepare 2.5.3 2023-02-01 09:51:02 +01:00
Jérémy Benoist
5ac6b6bff9 Merge pull request from GHSA-mrqx-mjc4-vfh3 
AnnotationController: fix improper authorization vulnerability
 2023-02-01 09:32:22 +01:00
Kevin Decherf
3ed7f2b751 AnnotationController: fix improper authorization vulnerability 
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-01-27 23:34:14 +01:00
Kevin Decherf
0fdd9aa991 ExportController: fix improper authorization vulnerability 
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-01-20 15:09:38 +01:00