Commit Graph

46 Commits

Author SHA1 Message Date
4dd380b7dd Fix test following 2.5 merge into master 2023-04-24 14:46:40 +02:00
66b7bdd07c Merge remote-tracking branch 'origin/2.5.x' 2023-04-24 14:36:32 +02:00
3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
6aca334d53 Move to controller as a service
Mostly using autowiring to inject deps.
The only tricky part was for import because all producers use the same class and have a different alias. So we must write them down in the service definition; autowiring doesn't work in that case.

Usually:
- if a controller has a constructor, it means injected services are at least re-used once in actions
- otherwise, services are injected per action
2022-12-19 10:38:08 +01:00
33267f0736 Update to FOSUserBundle 3.1
Also remove some deprecation from Symfony.
Use `LegacyEventDispatcherProxy` to handle Symfony 4 dispatch from FOSUser
2022-12-14 09:42:17 +01:00
b7dba18cb2 Cleanup 2022-11-23 15:51:33 +01:00
27e788d0be Re-create all API routes 2022-11-23 12:44:55 +01:00
eb43c78720 Use FQCN instead of service alias 2022-09-01 09:07:19 +02:00
1bee0eeb29 Make repositories use ServiceEntityRepository 2022-08-31 02:05:30 +02:00
481283bbee Migrate controller and action references 2022-08-26 17:47:46 +02:00
1c880883e2 Migrate ParamConverter class parameter 2022-08-26 17:47:46 +02:00
8b7b4975d6 Migrate getRepository with entities 2022-08-26 17:47:46 +02:00
327fa7d527 Extend right FOSRestBundle controller class 2022-08-15 12:59:28 +02:00
7332d1f4e5 Remove support for PHP < 7.2
Updating deps

  - Removing electrolinux/php-html5lib (0.1.0)
  - Updating doctrine/inflector (1.3.1 => 1.4.3)
  - Updating doctrine/lexer (1.0.2 => 1.2.1)
  - Installing symfony/polyfill-php80 (v1.17.0)
  - Updating symfony/service-contracts (v1.1.8 => v2.1.2)
  - Installing symfony/deprecation-contracts (v2.1.2)
  - Updating symfony/mime (v4.4.8 => v5.1.1)
  - Updating friendsofsymfony/rest-bundle (2.7.4 => 2.8.0)
  - Updating doctrine/instantiator (1.3.0 => 1.3.1)
  - Updating ocramius/proxy-manager (2.1.1 => 2.2.3)
  - Updating php-http/discovery (1.7.4 => 1.8.0)
  - Updating symfony/http-client-contracts (v1.1.8 => v2.1.2)
  - Updating symfony/http-client (v4.4.8 => v5.1.1)
  - Updating php-http/httplug-bundle (1.16.0 => 1.18.0)
  - Updating symfony/phpunit-bridge (v4.3.11 => v5.1.1)
  - Updating doctrine/data-fixtures (1.3.3 => 1.4.3)
  - Updating composer/xdebug-handler (1.4.1 => 1.4.2)
  - Updating masterminds/html5 (2.7.0 => 2.7.1)
  - Updating j0k3r/php-readability (1.2.4 => 1.2.5)
  - Updating phpoption/phpoption (1.7.3 => 1.7.4)
  - Updating nikic/php-parser (v4.4.0 => v4.5.0)
  - Installing thecodingmachine/safe (v1.1.1)
  - Updating spomky-labs/otphp (v9.1.4 => v10.0.1)
  - Updating pagerfanta/pagerfanta (v2.1.3 => v2.3.0)

Package white-october/pagerfanta-bundle is abandoned, you should avoid using it. Use babdev/pagerfanta-bundle instead.

  - Removing white-october/pagerfanta-bundle (v1.3.2)
  - Installing babdev/pagerfanta-bundle (v2.4.2)

Upgrading PHPStan to 0.12 and use extension installer

  - Removing phpstan/phpdoc-parser (0.3.5)
  - Removing nette/utils (v3.1.2)
  - Removing nette/schema (v1.0.2)
  - Removing nette/robot-loader (v3.2.3)
  - Removing nette/php-generator (v3.4.0)
  - Removing nette/neon (v3.1.2)
  - Removing nette/finder (v2.5.2)
  - Removing nette/di (v3.0.4)
  - Removing nette/bootstrap (v3.0.2)
  - Updating phpstan/phpstan (0.11.19 => 0.12.29)
  - Updating phpstan/phpstan-doctrine (0.11.6 => 0.12.16)
  - Updating phpstan/phpstan-phpunit (0.11.2 => 0.12.11)
  - Updating phpstan/phpstan-symfony (0.11.6 => 0.12.6)
  - Installing phpstan/extension-installer (1.0.4)

Upgrading jms/serializer-bundle to version 3 (and willdurand/hateoas-bundle to version 2)

  - Removing phpoption/phpoption (1.7.4)
  - Removing phpcollection/phpcollection (0.5.0)
  - Removing jms/parser-lib (1.0.0)
  - Updating jms/metadata (1.7.0 => 2.3.0)
  - Updating jms/serializer (1.14.1 => 3.7.0)
  - Updating jms/serializer-bundle (2.4.4 => 3.6.0)
  - Updating willdurand/hateoas (2.12.0 => 3.6.0)
  - Updating willdurand/hateoas-bundle (1.4.0 => 2.1.0)

Upgrading dama/doctrine-test-bundle to version 6

  - Updating dama/doctrine-test-bundle (v5.0.3 => v6.2.0)
2020-06-15 08:25:59 +02:00
86c1751186 Optional quote because the frontend does not use it 2019-11-27 14:38:35 +01:00
8197f08266 API returns an error with empty quote
Fix #4137
2019-11-27 14:38:35 +01:00
8d4ed0df06 Update deps
Also CS (because cs-fixer got an update)

Package operations: 0 installs, 26 updates, 0 removals
  - Updating twig/twig (v2.12.1 => v2.12.2)
  - Updating symfony/symfony (v3.4.33 => v3.4.34)
  - Updating doctrine/event-manager (v1.0.0 => 1.1.0)
  - Updating doctrine/collections (v1.6.2 => 1.6.3)
  - Updating doctrine/cache (v1.8.1 => 1.9.0)
  - Updating doctrine/persistence (1.1.1 => 1.2.0)
  - Updating doctrine/inflector (v1.3.0 => 1.3.1)
  - Updating symfony/mime (v4.3.5 => v4.3.7)
  - Updating swiftmailer/swiftmailer (v6.2.1 => v6.2.3)
  - Updating symfony/swiftmailer-bundle (v3.3.0 => v3.3.1)
  - Updating doctrine/dbal (v2.9.2 => v2.9.3)
  - Updating doctrine/instantiator (1.2.0 => 1.3.0)
  - Updating j0k3r/graby-site-config (1.0.93 => 1.0.94)
  - Updating phpoption/phpoption (1.5.0 => 1.5.2)
  - Updating symfony/http-client-contracts (v1.1.7 => v1.1.8)
  - Updating symfony/http-client (v4.3.5 => v4.3.7)
  - Updating sensiolabs/security-checker (v6.0.2 => v6.0.3)
  - Updating paragonie/constant_time_encoding (v2.2.3 => v2.3.0)
  - Updating scheb/two-factor-bundle (v4.7.1 => v4.8.0)
  - Updating symfony/phpunit-bridge (v4.3.6 => v4.3.7)
  - Updating composer/xdebug-handler (1.3.3 => 1.4.0)
  - Updating friendsofphp/php-cs-fixer (v2.15.3 => v2.16.0)
  - Updating doctrine/data-fixtures (v1.3.2 => 1.3.3)
  - Updating nette/schema (v1.0.0 => v1.0.1)
  - Updating nikic/php-parser (v4.2.4 => v4.3.0)
  - Updating sentry/sentry (2.2.2 => 2.2.4)
2019-11-12 14:18:58 +01:00
db9b6d8d0d Update fixtures 2018-11-28 22:04:54 +01:00
69b563948d AnnotationRepository: rename getBuilderByUser
We rename getBuilderByUser to getSortedQueryBuilderByUser since the
method currently returns a QueryBuilder with an orderBy()

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2018-09-05 18:44:08 +02:00
2a1ceb67b4 php-cs-fixer
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2018-09-05 14:25:32 +02:00
f40c88eb1f Jump to Symfony 3.3 & update other deps
Also update test URLs
2017-10-09 16:45:12 +02:00
52b84c11a5 Fix some namespaces and phpdoc 2017-07-29 22:51:50 +02:00
927c9e796f Add EntityTimestampsTrait to handle dates
Refactor timestamps() method to avoid re-writing it on each entity
2017-07-06 09:01:51 +02:00
f808b01692 Add a real configuration for CS-Fixer 2017-07-01 09:52:38 +02:00
2c3e148b00 Display an error for an annotation with a too-long quote
Fix #2762
2017-06-04 11:38:29 +02:00
13a592a128 Renamed methods 2017-03-31 17:03:08 +02:00
9102851f59 Added delete button on Baggy theme 2017-03-31 10:53:23 +02:00
6da1aebc94 Allow to remove all archived entries
Since we still support fucking SQLite, we need to retrieve all tags & annotations for archived entries before deleting them.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-03-31 10:46:05 +02:00
9313ea9d44 Merge pull request #2401 from wallabag/reset-account
Reset account
2016-10-24 11:57:51 +02:00
b0de88f75d Use statements & update translation 2016-10-22 13:13:07 +02:00
8c61fd12b1 CS 2016-10-22 13:13:07 +02:00
191564b7f7 Add custom doctrine subscriber for SQLite
Since SQLite doesn’t handle cascade remove by default, we need to handle it manually.

Also some refacto
2016-10-22 13:13:07 +02:00
206bade58a Add ability to reset some data
- annotations
- tags
- entries
2016-10-22 13:13:06 +02:00
aa4741091f Add test on /api/annotations
Fix controller forward in WallabagRestController.
Update PHPDoc so it is sorted the same way as the others
Duplicate all annotations test to use both api & normal way
Also, make annotation tests independent of each other
2016-10-22 12:09:20 +02:00
0c271b9eb0 fix cs and phpdoc 2016-10-22 09:06:07 +02:00
b1e92f8c14 cs 2016-10-22 09:06:07 +02:00
1eea248bb0 move code 2016-10-22 09:06:07 +02:00
c7935f32d2 cs 2016-10-22 09:06:07 +02:00
351eb8d97e bring annotations to API 2016-10-22 09:06:07 +02:00
b0458874c8 Fix relations export for Entry
Tags & Annotations weren’t really well exported.
This is now fixed (+ tests)
2016-10-07 07:43:19 +02:00
23634d5d84 Jump to Symfony 3.1 2016-06-22 17:59:35 +02:00
4094ea4771 Convert array + phpDoc
Thanks to https://github.com/thomasbachem/php-short-array-syntax-converter
2016-04-12 12:25:29 +02:00
5d6f6f56a2 Some cleanup
- travis tabulation
- extra namespace definition in entities
2016-03-27 20:36:35 +02:00
b95ffda2a1 Fix hazardous bug with Postgres
Instead of retrieving a random annotation, sort them to be sure they are all the same no matter the database used
2016-03-12 10:45:14 +01:00
09d8bb6fa2 Improve tests
- add more tests for coverage
- add a test on annotation deletion
- fix post annotation with ranges
2016-03-11 17:59:42 +01:00
4dc872238a Rename CommentBundle to AnnotationBundle 2016-02-26 18:14:42 +01:00