66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x'
2023-04-24 14:36:32 +02:00
3ed7f2b751
AnnotationController: fix improper authorization vulnerability
...
This PR is based on 2.5.x branch.
We fix the improper authorization by retrieving the annotation using id
and user id.
We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.
Fixes GHSA-mrqx-mjc4-vfh3
Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com >
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2023-01-27 23:34:14 +01:00
6aca334d53
Move to controller as a service
...
Mostly using autowiring to inject deps.
The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case.
Usually:
- if a controller has a constructor, it means injected services are at least re-used once in actions
- otherwise, service are injected per action
2022-12-19 10:38:08 +01:00
b7dba18cb2
Cleanup
2022-11-23 15:51:33 +01:00
27e788d0be
Re-create all API routes
2022-11-23 12:44:55 +01:00
eb43c78720
Use FQCN instead of service alias
2022-09-01 09:07:19 +02:00
1c880883e2
Migrate ParamConverter class parameter
2022-08-26 17:47:46 +02:00
8b7b4975d6
Migrate getRepository with entities
2022-08-26 17:47:46 +02:00
327fa7d527
Extend right FOSRestBundle controller class
2022-08-15 12:59:28 +02:00
8d4ed0df06
Update deps
...
Also CS (because cs-fixer got an update)
Package operations: 0 installs, 26 updates, 0 removals
- Updating twig/twig (v2.12.1 => v2.12.2)
- Updating symfony/symfony (v3.4.33 => v3.4.34)
- Updating doctrine/event-manager (v1.0.0 => 1.1.0)
- Updating doctrine/collections (v1.6.2 => 1.6.3)
- Updating doctrine/cache (v1.8.1 => 1.9.0)
- Updating doctrine/persistence (1.1.1 => 1.2.0)
- Updating doctrine/inflector (v1.3.0 => 1.3.1)
- Updating symfony/mime (v4.3.5 => v4.3.7)
- Updating swiftmailer/swiftmailer (v6.2.1 => v6.2.3)
- Updating symfony/swiftmailer-bundle (v3.3.0 => v3.3.1)
- Updating doctrine/dbal (v2.9.2 => v2.9.3)
- Updating doctrine/instantiator (1.2.0 => 1.3.0)
- Updating j0k3r/graby-site-config (1.0.93 => 1.0.94)
- Updating phpoption/phpoption (1.5.0 => 1.5.2)
- Updating symfony/http-client-contracts (v1.1.7 => v1.1.8)
- Updating symfony/http-client (v4.3.5 => v4.3.7)
- Updating sensiolabs/security-checker (v6.0.2 => v6.0.3)
- Updating paragonie/constant_time_encoding (v2.2.3 => v2.3.0)
- Updating scheb/two-factor-bundle (v4.7.1 => v4.8.0)
- Updating symfony/phpunit-bridge (v4.3.6 => v4.3.7)
- Updating composer/xdebug-handler (1.3.3 => 1.4.0)
- Updating friendsofphp/php-cs-fixer (v2.15.3 => v2.16.0)
- Updating doctrine/data-fixtures (v1.3.2 => 1.3.3)
- Updating nette/schema (v1.0.0 => v1.0.1)
- Updating nikic/php-parser (v4.2.4 => v4.3.0)
- Updating sentry/sentry (2.2.2 => 2.2.4)
2019-11-12 14:18:58 +01:00
2a1ceb67b4
php-cs-fixer
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2018-09-05 14:25:32 +02:00
f40c88eb1f
Jump to Symfony 3.3 & update others deps
...
Also update tests urls
2017-10-09 16:45:12 +02:00
f808b01692
Add a real configuration for CS-Fixer
2017-07-01 09:52:38 +02:00
2c3e148b00
Displays an error with an annotation with a too long quote
...
Fix #2762
2017-06-04 11:38:29 +02:00
0c271b9eb0
fix cs and phpdoc
2016-10-22 09:06:07 +02:00
b1e92f8c14
cs
2016-10-22 09:06:07 +02:00
1eea248bb0
move code
2016-10-22 09:06:07 +02:00
c7935f32d2
cs
2016-10-22 09:06:07 +02:00
351eb8d97e
bring annotations to API
2016-10-22 09:06:07 +02:00
4094ea4771
Convert array + phpDoc
...
Thanks for https://github.com/thomasbachem/php-short-array-syntax-converter
2016-04-12 12:25:29 +02:00
4dc872238a
Rename CommentBundle with AnnotationBundle
2016-02-26 18:14:42 +01:00
