47b3a08284
Move Import importers to Core
2024-01-25 20:34:40 +01:00
6787f598cb
Move Import controllers to Core
2024-01-25 20:34:40 +01:00
81577ef6b0
Move Api entities to Core
2024-01-25 20:34:40 +01:00
3fc0b5fa5b
Move Api controllers to Core
2024-01-25 20:34:40 +01:00
a37ded9101
Move User entity to Core
2024-01-25 20:34:40 +01:00
3d7bb85d71
Move User controller to Core
2024-01-25 20:34:40 +01:00
2190174754
Move Annotation entity to Core
2024-01-25 20:34:39 +01:00
2ed8c219cc
Move Annotation controller to Core
2024-01-25 20:34:39 +01:00
0a117958c9
Apply PHP-CS-Fixer fixes
2024-01-22 19:15:54 +01:00
16c239aa78
Merge branch '2.6' into merge-2.6-in-master
2024-01-03 11:08:10 +01:00
7ebc96f3b9
Remove session-based redirection
2023-12-28 21:42:26 +01:00
4a5f769428
Merge remote-tracking branch 'origin/2.6' into port/2.6.7
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2023-10-25 22:09:21 +02:00
fa107116cc
Prepare 2.6.7 release
2023-10-02 14:14:34 +02:00
aa06e8328e
ConfigController: remove 2fa cancel step
...
This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-steps validation
Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This need rework
when possible.
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2023-09-30 00:49:58 +02:00
5240684be9
ConfigController: move OTP endpoints to POST method only
...
Fixes GHSA-56fm-hfp3-x3w3
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2023-09-30 00:49:58 +02:00
c6ff0bc691
Remove remaining MOBI stuff
2023-08-23 08:49:56 +02:00
b1752b619d
Add display article configurator (font family, font size, line height and max width)
2023-08-22 13:02:50 +02:00
981d6a47da
Merge pull request #6793 from wallabag/fix-4414
...
Fix search when search term has useless space
2023-08-21 20:19:16 +02:00
4b338afa40
Merge pull request #6771 from wallabag/add-annotations-in-search
...
Add articles which have annotations with search term in results
2023-08-21 20:19:00 +02:00
1c2190fd68
Merge pull request #6769 from wallabag/add-not-parsed-boolean
...
Add `isNotParsed` field on Entry entity
2023-08-21 20:18:44 +02:00
407dd48ed0
Merge pull request #6767 from wallabag/remove-demo
...
Remove (useless) demo mode
2023-08-21 20:18:18 +02:00
cbcfa69c05
Remove (useless) demo mode
...
Fix #6671
2023-08-21 13:16:56 +02:00
20578f0b8e
Add isNotParsed field on Entry entity
...
Fix #4350
2023-08-21 13:16:42 +02:00
18e1106f76
Add articles which have annotations with search term in results
...
Fix #3635
2023-08-21 13:16:36 +02:00
6ff00315d0
Fix search when search term has useless space
2023-08-21 13:16:14 +02:00
0f17a8cf8a
PHPStan level 3
2023-08-21 12:03:38 +02:00
78b0b55c40
Merge pull request from GHSA-p8gp-899c-jvq9
...
Replace GET way to POST way to reset data user
2023-08-21 11:08:24 +02:00
383dcc5c45
Merge pull request #6119 from Spoons/feat_referer_to_session_redirect
...
Fix: Use Session instead of Referrer for Redirection
2023-08-21 10:32:03 +02:00
a9893d754f
Replace GET way to POST way to reset data user
...
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2023-08-09 21:39:03 +02:00
0ccbd653fa
Merge pull request #6812 from yguedidi/make-crawler-extract-get-an-array
...
Make Crawler::extract get an array
2023-08-09 11:03:03 +02:00
ec33ec14e5
Replace Client by KernelBrowser
2023-08-08 02:55:35 +01:00
093003d9af
Make Crawler::extract get an array
2023-08-07 22:51:18 +01:00
ced2ea4015
Merge branch 'master' into feat_referer_to_session_redirect
2023-08-06 20:14:44 +00:00
5fe5551972
Fix failing randomly test
2023-07-27 07:55:42 +02:00
c75d3e6961
Remove twofactor_auth parameter
...
Fix #6649
2023-07-15 16:18:01 +02:00
6639f7da6d
Fix export for same domain entries
2023-06-29 19:59:08 +02:00
28db6c22eb
Fix duplicate tags creation when assigning search results to tag
...
Fixes #6330
2023-06-17 15:19:59 +02:00
7eddea6ff7
Added test
2023-06-16 14:27:27 +02:00
e5b72f3123
Fix Stylelint errors
2023-06-12 18:15:38 +02:00
66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x'
2023-04-24 14:36:32 +02:00
f1b3d5cdd7
Fix CSRF on user deletion
2023-02-07 21:41:52 +01:00
b795622f06
Prepare 2.5.3
2023-02-01 09:51:02 +01:00
5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
...
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
3ed7f2b751
AnnotationController: fix improper authorization vulnerability
...
This PR is based on 2.5.x branch.
We fix the improper authorization by retrieving the annotation using id
and user id.
We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.
Fixes GHSA-mrqx-mjc4-vfh3
Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com >
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2023-01-27 23:34:14 +01:00
0fdd9aa991
ExportController: fix improper authorization vulnerability
...
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().
We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.
Fixes GHSA-qwx8-mxxx-mg96
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2023-01-20 15:09:38 +01:00
ea189503de
Fix tests
2023-01-16 10:21:37 +01:00
2f2cfa2c2a
Add prefix for tag slugs
...
This should be considered as a temporary fix, we may deprecate tag
slugs in the future.
Fixes #6048
Signed-off-by: Kevin Decherf <kevin@kdecherf.com >
2023-01-11 23:20:13 +01:00
de5b138a59
Fix CS
2022-12-13 10:26:51 +01:00
fbccae8a79
fix: update remove tag test to accept root relative urls
2022-12-10 11:52:18 -06:00
dd2f2fe340
Fix pt_BR test
2022-11-29 18:01:46 -08:00
