pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
Files
5ac6b6bff9e2e3a87fd88c2904ff3c6aac40722e
wallabag/src/Wallabag/AnnotationBundle/DataFixtures/AnnotationFixtures.php
Kevin Decherf 3ed7f2b751 AnnotationController: fix improper authorization vulnerability 
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00

60 lines
1.7 KiB
PHP
Raw Blame History

<?php
namespace Wallabag\AnnotationBundle\DataFixtures;
use Doctrine\Bundle\FixturesBundle\Fixture;
use Doctrine\Common\DataFixtures\DependentFixtureInterface;
use Doctrine\Persistence\ObjectManager;
use Wallabag\AnnotationBundle\Entity\Annotation;
use Wallabag\CoreBundle\DataFixtures\EntryFixtures;
use Wallabag\UserBundle\DataFixtures\UserFixtures;
class AnnotationFixtures extends Fixture implements DependentFixtureInterface
{
/**
* {@inheritdoc}
*/
public function load(ObjectManager $manager)
{
$annotation1 = new Annotation($this->getReference('admin-user'));
$annotation1->setEntry($this->getReference('entry1'));
$annotation1->setText('This is my annotation /o/');
$annotation1->setQuote('content');
$manager->persist($annotation1);
$this->addReference('annotation1', $annotation1);
$annotation2 = new Annotation($this->getReference('admin-user'));
$annotation2->setEntry($this->getReference('entry2'));
$annotation2->setText('This is my 2nd annotation /o/');
$annotation2->setQuote('content');
$manager->persist($annotation2);
$this->addReference('annotation2', $annotation2);
$annotation3 = new Annotation($this->getReference('bob-user'));
$annotation3->setEntry($this->getReference('entry3'));
$annotation3->setText('This is my first annotation !');
$annotation3->setQuote('content');
$manager->persist($annotation3);
$this->addReference('annotation3', $annotation3);
$manager->flush();
}
/**
* {@inheritdoc}
*/
public function getDependencies()
{
return [
EntryFixtures::class,
UserFixtures::class,
];
}
}
Reference in New Issue View Git Blame Copy Permalink