pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
8,420 Commits 12 Branches 98 Tags
ced2ea4015a42cf40fb4ea6a9f412f715486faac
Commit Graph

19 Commits

Author SHA1 Message Date
Jeremy Benoist
4dd380b7dd Fix test following 2.5 merge into master 2023-04-24 14:46:40 +02:00
Jeremy Benoist
66b7bdd07c Merge remote-tracking branch 'origin/2.5.x' 2023-04-24 14:36:32 +02:00
Kevin Decherf
3ed7f2b751 AnnotationController: fix improper authorization vulnerability 
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-01-27 23:34:14 +01:00
Jeremy Benoist
b7dba18cb2 Cleanup 2022-11-23 15:51:33 +01:00
Yassine Guedidi
1bee0eeb29 Make repositories use ServiceEntityRepository 2022-08-31 02:05:30 +02:00
Kevin Decherf
69b563948d AnnotationRepository: rename getBuilderByUser 
We rename getBuilderByUser to getSortedQueryBuilderByUser as long as the
method currently returns a QueryBuilder with an orderBy()

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2018-09-05 18:44:08 +02:00
Nicolas Hart
52b84c11a5 Fix some namespaces and phpdoc 2017-07-29 22:51:50 +02:00
Jeremy Benoist
f808b01692 Add a real configuration for CS-Fixer 2017-07-01 09:52:38 +02:00
Nicolas Lœuillet
13a592a128 Renamed methods 2017-03-31 17:03:08 +02:00
Nicolas Lœuillet
9102851f59 Added delete button on Baggy theme 2017-03-31 10:53:23 +02:00
Thomas Citharel
6da1aebc94 Allow to remove all archived entries 
Since we still support fucking SQLite, we need to retrieve all tags & annotations for archived entries before deleting them.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2017-03-31 10:46:05 +02:00
Jeremy Benoist
9313ea9d44 Merge pull request #2401 from wallabag/reset-account 
Reset account
 2016-10-24 11:57:51 +02:00
Jeremy Benoist
b0de88f75d Use statements & update translation 2016-10-22 13:13:07 +02:00
Jeremy Benoist
8c61fd12b1 CS 2016-10-22 13:13:07 +02:00
Jeremy Benoist
191564b7f7 Add custom doctrine subscriber for SQLite 
Since SQLite doesn’t handle cascade remove by default, we need to handle it manually.

Also some refacto
 2016-10-22 13:13:07 +02:00
Jeremy Benoist
aa4741091f Add test on /api/annotations 
Fix controller forward in WallabagRestController.
Update PHPDoc so it is sorted the same way as others one
Duplicate all annotations test to use both api & normal way
Also, make annotation tests independent to each other
 2016-10-22 12:09:20 +02:00
Jeremy Benoist
b95ffda2a1 Fix hazardous bug with Postgres 
Instead of retrieving a random annotation, sort them to be sure they are all the same no matter the database used
 2016-03-12 10:45:14 +01:00
Jeremy Benoist
09d8bb6fa2 Improve tests 
- add more tests for coverage
- add a test on annotation deletion
- fix post annontation with ranges
 2016-03-11 17:59:42 +01:00
Nicolas Lœuillet
4dc872238a Rename CommentBundle with AnnotationBundle 2016-02-26 18:14:42 +01:00