Commit graph

2450 commits

Author SHA1 Message Date
Jérémy Benoist 268372dbbd
Merge pull request #6289 from wallabag/2.5/fix-csrf-user-deletion
Fix CSRF on user deletion
2023-02-07 21:52:51 +01:00
Jérémy Benoist 4e023bddc3
Merge pull request #6288 from wallabag/2.5/xss-username-share-page
Fix XSS on username on share page
2023-02-07 21:43:04 +01:00
Jeremy Benoist f1b3d5cdd7
Fix CSRF on user deletion
2023-02-07 21:41:52 +01:00
Jeremy Benoist 242e3feac9
Fix adding tag to entries from other people
I've also limited tag length to 20 chars (and limit adding more than 5 tags at once)
2023-02-07 21:25:57 +01:00
Jeremy Benoist bd4c71682e
Fix XSS on username on share page
2023-02-07 19:58:06 +01:00
Jeremy Benoist b795622f06
Prepare 2.5.3
2023-02-01 09:51:02 +01:00
Jérémy Benoist 5ac6b6bff9
Merge pull request from GHSA-mrqx-mjc4-vfh3
AnnotationController: fix improper authorization vulnerability
2023-02-01 09:32:22 +01:00
Kevin Decherf 3ed7f2b751
AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Kevin Decherf 0fdd9aa991
ExportController: fix improper authorization vulnerability
We fix the improper authorization by duplicating the check done by
the private method EntryController::checkUserAction().

We also replace the ParamConverter used to get the requested Entry with
an explicit call to EntryRepository in order to prevent a resource
enumeration through response discrepancy. Thus, we get the same
exception whether the requested resource does not exist or is not owned
by the requester.

Fixes GHSA-qwx8-mxxx-mg96

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-20 15:09:38 +01:00
SAKATA, Yusuke 08ce432cea
Translated using Weblate (Japanese)
Currently translated at 97.7% (565 of 578 strings)
2022-10-20 02:07:40 +02:00
Jeremy Benoist dc28d7ea0f
Add support to download SVG locally
2022-10-18 11:14:45 +02:00
Yotam Nachum f994ab8b5d
Add domain_name to entries api endpoint
2022-10-16 18:36:41 +03:00
Andrea Brandi 6f750a3b66
Translated using Weblate (Italian)
Currently translated at 82.3% (476 of 578 strings)
2022-10-13 00:29:42 +02:00
JT Smith 6da76ffaae
Typofixes
2022-10-03 18:31:43 -06:00
Jeremy Benoist 812b4a906f
Add nbEntries to the API tags list response
So client will be able to do the same as in the web UI.

Also remove empty `div` from the tags template.
2022-09-23 15:16:38 +02:00
Cthulhux b768371a13
Translated using Weblate (German)
Currently translated at 100.0% (578 of 578 strings)
2022-09-22 00:19:06 +02:00
Matthaiks db25a7f5d8
Translated using Weblate (Polish)
Currently translated at 100.0% (7 of 7 strings)
2022-09-19 09:02:44 +02:00
Matthaiks f1dde1ac80
Translated using Weblate (Polish)
Currently translated at 100.0% (578 of 578 strings)
2022-09-19 09:02:44 +02:00
MarkLee cbe77537b1
Translated using Weblate (Chinese (Traditional))
Currently translated at 13.4% (78 of 578 strings)
2022-08-26 04:20:12 +02:00
Azorimor e81f8043b3
Translated using Weblate (German)
Currently translated at 100.0% (7 of 7 strings)
2022-08-22 20:21:11 +02:00
Xosé M bc4e9aa908
Translated using Weblate (Galician)
Currently translated at 100.0% (578 of 578 strings)
2022-08-15 13:10:37 +02:00
Oğuz Ersen c92622ff5e
Translated using Weblate (Turkish)
Currently translated at 100.0% (578 of 578 strings)
2022-07-21 21:17:47 +02:00
Strubbl 821093c033
Translated using Weblate (German)
Currently translated at 99.1% (573 of 578 strings)
2022-06-15 10:00:18 +02:00
Gil e50f2daf76
Translated using Weblate (Portuguese)
Currently translated at 62.6% (362 of 578 strings)
2022-06-13 06:02:08 +02:00
Milo Ivir 274d6d325c
Translated using Weblate (Croatian)
Currently translated at 100.0% (578 of 578 strings)
2022-06-13 06:02:08 +02:00
Jérémy 14a1755445
Translated using Weblate (French)
Currently translated at 100.0% (578 of 578 strings)
2022-06-09 07:16:39 +02:00
Kevin Decherf 932a1cb422
Translated using Weblate (Hungarian)
Currently translated at 54.8% (317 of 578 strings)
2022-06-06 20:14:33 +02:00
Kevin Decherf e934516b28
Translated using Weblate (Thai)
Currently translated at 78.3% (453 of 578 strings)
2022-06-06 20:14:33 +02:00
Kevin Decherf 6999f32020
Translated using Weblate (Portuguese)
Currently translated at 62.4% (361 of 578 strings)
2022-06-06 20:14:32 +02:00
Kevin Decherf 9a5821eb09
Translated using Weblate (Polish)
Currently translated at 86.8% (502 of 578 strings)
2022-06-06 20:14:32 +02:00
Kevin Decherf 67e1bb06b7
Translated using Weblate (Occitan)
Currently translated at 82.8% (479 of 578 strings)
2022-06-06 20:14:31 +02:00
Kevin Decherf a56c5d07ba
Translated using Weblate (Italian)
Currently translated at 82.1% (475 of 578 strings)
2022-06-06 20:14:30 +02:00
Kevin Decherf 338d8b25e2
Translated using Weblate (French)
Currently translated at 98.7% (571 of 578 strings)
2022-06-06 20:14:30 +02:00
Jérémy Benoist 031f5d27d8
Fix error about template not found
Following bundle inheritance removal
2022-05-30 13:40:26 +02:00
Reza Almanda e0f234e568
Translated using Weblate (Indonesian)
Currently translated at 1.3% (8 of 578 strings)
2022-05-19 06:17:19 +02:00
Xosé M 4649745a6f
Translated using Weblate (Galician)
Currently translated at 100.0% (578 of 578 strings)
2022-05-19 06:17:18 +02:00
Eric c713d5bf60
Translated using Weblate (Chinese (Simplified))
Currently translated at 100.0% (578 of 578 strings)
2022-05-16 06:16:42 +02:00
Kevin Decherf 5809d7b072
Merge pull request #5794 from wallabag/2.5.0
Merge branch 2.5.0 in master
2022-05-14 16:44:13 +02:00
Jeremy Benoist 4947ea6758
Merge remote-tracking branch 'origin/master' into 2.5.0
2022-05-13 13:50:50 +02:00
Jeremy Benoist c87c91d3df
Update message
2022-05-13 09:56:35 +02:00
Eric 9a045b87ab
Translated using Weblate (Chinese (Simplified))
Currently translated at 100.0% (570 of 570 strings)
2022-05-13 07:19:34 +02:00
Jérémy Benoist ebfbdb4519
Merge pull request #5381 from wallabag/tag-search-results
2022-05-13 07:09:18 +02:00
Kevin Decherf 3818cfe15f
Merge pull request #5673 from wallabag/api-config-endpoint
Add new endpoint for API: config
2022-05-13 00:50:32 +02:00
Xosé M 5ccfc98b47
Translated using Weblate (Galician)
Currently translated at 100.0% (569 of 569 strings)
2022-05-06 08:14:32 +02:00
Jérémy Benoist e90a7c20e2
Merge pull request #5742 from wallabag/fix/deprecated-baggy-theme
2022-05-03 05:40:38 +02:00
Jérémy Benoist dcddd4bdae
Merge pull request #5744 from jonas-hagen/domainname-www
2022-04-24 08:11:43 +02:00
Yassine Guedidi 82fc828442
Remove bundle inheritance
2022-04-24 05:56:44 +02:00
Jonas Hagen 0396e15098
Use site with subdomain as tagging rule example
Fixes wallabag/doc#104
This change affects all translations in documentation and wallabag source.
2022-04-23 23:26:46 +02:00
Jeremy Benoist 9f6414785c
Fix tests
2022-04-20 23:13:17 +02:00
Nicolas Lœuillet 5077c46e4e
Added action to tag search results
2022-04-20 22:57:25 +02:00