Commit Graph

2656 Commits

Author SHA1 Message Date
ed1acf59e1 Protect changeLocale with a CSRF token 2025-03-30 06:18:29 +02:00
e162408139 Protect switch_view_mode with a CSRF token 2025-03-23 19:13:21 +01:00
6fa61c0f9c Protect delete_ignore_origin_rule with a CSRF token 2025-03-23 19:13:17 +01:00
264f91126e Protect delete_tagging_rule with a CSRF token 2025-03-23 19:13:14 +01:00
ac5b5fb379 Protect revoke_token with a CSRF token 2025-03-23 19:13:09 +01:00
d703fa6a3a Protect generate_token with a CSRF token 2025-03-23 19:13:06 +01:00
f71d8332e0 Merge pull request #7999 from wallabag/fix/menu-entry-with-annotations
Fix entries counter for annotated entries in the menu
2025-02-10 10:12:45 +01:00
3dffcadc03 Fix entries counter for annotated entries in the menu
The query was badly made and returned all annotations for the current user instead of the total of entries with annotation(s).
2025-02-10 08:42:06 +01:00
c4857564f3 Change NB_ELEMENTS in pocket importer to 30 to comply with Pocket API restriction. 2025-02-07 18:51:37 +01:00
08b68d4d87 Display tag label instead of tag slug in page title 2024-11-22 13:49:08 +01:00
82430b50c6 Fix redirection after action in search results 2024-11-21 13:36:20 +01:00
bd8ccf924f Added Omnivore Import 2024-11-01 11:05:16 +01:00
7ddf5066ef Replaced gitter with matrix 2024-10-31 08:17:40 +01:00
09c2ddb79e Use a proper "how to" for elCurator 2024-03-05 15:46:40 +01:00
a4820b21ca Fix same domain pagination 2024-02-18 23:29:59 +01:00
9bef459882 Make Redirect helper supports only absolute path reference URLs 2023-12-28 21:48:48 +01:00
7ebc96f3b9 Remove session-based redirection 2023-12-28 21:42:26 +01:00
f4493f7472 Remove support for fallback in Redirect helper 2023-12-28 21:42:12 +01:00
ffec47bd88 Use Redirect helper in ConfigController::changeViewModeAction 2023-12-28 21:26:30 +01:00
fa107116cc Prepare 2.6.7 release 2023-10-02 14:14:34 +02:00
aa06e8328e ConfigController: remove 2fa cancel step
This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-steps validation

Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This needs rework
when possible.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
5240684be9 ConfigController: move OTP endpoints to POST method only
Fixes GHSA-56fm-hfp3-x3w3

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-09-30 00:49:58 +02:00
6fab27f3ce Add tag form submit button always displayed 2023-09-29 15:35:33 +02:00
e4d69cafe4 Merge pull request #6991 from Simounet/feat/6971-mass-action-click-full-card
Fix #6971 - Full clickable card on mass action
2023-09-29 14:53:27 +02:00
9bc026f343 Fix #6971 - Full clickable card on mass action 2023-09-27 19:25:16 +02:00
a46fd5fc9f Fix deprecated null parameter passed to explode() 2023-09-26 18:02:46 +02:00
8ac80e934e Merge pull request #6912 from Simounet/feat/tag-mass-action-improved
Mass action layout improved
2023-09-04 13:25:05 +02:00
4b04cd5746 Mass action tag layout updated 2023-09-04 12:00:16 +02:00
137c8ab756 Count queries simplified 2023-09-01 11:53:44 +02:00
2d7d16ee6c Tag mass action layout updated 2023-09-01 14:16:27 +02:00
18615738c0 Title removed from footer's stats element 2023-08-31 12:34:36 +02:00
452362c17a Untagged entries number removed from the filter's sidebar 2023-08-31 12:34:36 +02:00
13b2752e8d Autocapitalize disabled for domain input filter 2023-08-28 09:54:51 +02:00
634997c9b5 Good HTML type for HTTP status input filter 2023-08-28 09:54:45 +02:00
ca879c36de Prepare wallabag 2.6.3 2023-08-21 11:52:16 +02:00
ffcc5c9062 Merge pull request from GHSA-gjvc-55fw-v6vq
Replace GET way to POST way to delete API client
2023-08-21 11:08:47 +02:00
78b0b55c40 Merge pull request from GHSA-p8gp-899c-jvq9
Replace GET way to POST way to reset data user
2023-08-21 11:08:24 +02:00
383dcc5c45 Merge pull request #6119 from Spoons/feat_referer_to_session_redirect
Fix: Use Session instead of Referrer for Redirection
2023-08-21 10:32:03 +02:00
cc33fcb4ba Replace kernel.root_dir by kernel.project_dir 2023-08-09 22:46:18 +01:00
c3d1f92278 Replace GET way to POST way to delete API client 2023-08-09 21:54:40 +02:00
a9893d754f Replace GET way to POST way to reset data user
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-08-09 21:39:03 +02:00
f4fd8e4675 Merge pull request #6778 from wallabag/add-confirmation-before-reload
Add confirmation before reload entry
2023-08-09 19:40:49 +02:00
ac1c1ff571 Merge pull request #6816 from yguedidi/use-psr-17-and-psr-18
Use PSR-17 and PSR-18
2023-08-08 23:56:10 +02:00
65915004e0 Merge pull request #6808 from yguedidi/make-importcontroller-extends-abstractcontroller
Make ImportController extends AbstractController
2023-08-08 23:26:37 +02:00
60cb8c0294 Merge pull request #6797 from yguedidi/use-twig-instead-of-templating
Use Twig instead of templating
2023-08-08 23:18:16 +02:00
f6e85e88af Merge pull request #6799 from yguedidi/identify-platforms-by-their-class
Identify platforms by their class
2023-08-08 23:04:42 +02:00
a4b0a01b6d Merge pull request #6798 from yguedidi/add-mandatory-$class-parameter
Add mandatory $class parameter
2023-08-08 22:59:16 +02:00
1bed15fd9b Merge pull request #6800 from yguedidi/move-from-transchoice-to-trans
Move from transchoice to trans
2023-08-08 22:57:48 +02:00
bf176121c4 Use PSR-17 and PSR-18 2023-08-08 03:25:27 +01:00
58a0ca2622 Replace GetResponseEvent by RequestEvent 2023-08-07 22:34:47 +01:00