oss/wallabag
oss/wallabag
1
0
Fork 0
mirror of https://github.com/wallabag/wallabag.git synced 2025-08-01 17:38:38 +00:00
Code Wiki Activity
8616 commits 17 branches 103 tags 170 MiB
Commit graph

638 commits

Author SHA1 Message Date
Yassine Guedidi
5ea5115a72 Protect mass_action with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
27f0d94db7 Protect tag_delete with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
cf49be6940 Protect tag_this_search with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
ddf2e80842 Protect remove_tag with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
d1e128900a Protect delete_share with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
0d8429dfc7 Protect share with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
eb8408b22f Protect delete_entry with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
00d0e6f951 Protect star_entry with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
edffef8375 Protect archive_entry with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
3817010e29 Protect reload_entry with a CSRF token 2025-03-30 06:18:32 +02:00
Yassine Guedidi
ed1acf59e1 Protect changeLocale with a CSRF token 2025-03-30 06:18:29 +02:00
Yassine Guedidi
e162408139 Protect switch_view_mode with a CSRF token 2025-03-23 19:13:21 +01:00
Yassine Guedidi
6fa61c0f9c Protect delete_ignore_origin_rule with a CSRF token 2025-03-23 19:13:17 +01:00
Yassine Guedidi
264f91126e Protect delete_tagging_rule with a CSRF token 2025-03-23 19:13:14 +01:00
Yassine Guedidi
ac5b5fb379 Protect revoke_token with a CSRF token 2025-03-23 19:13:09 +01:00
Yassine Guedidi
d703fa6a3a Protect generate_token with a CSRF token 2025-03-23 19:13:06 +01:00
Jeremy Benoist
3dffcadc03
Fix entries counter for annotated entries in the menu 
The query were badly made and return all annotations for the current user instead of the total of entries with annotation(s).
 2025-02-10 08:42:06 +01:00
Nicolas Lœuillet
82430b50c6 Fix redirection after action in search results 2024-11-21 13:36:20 +01:00
Nicolas Lœuillet
bd8ccf924f Added Omnivore Import 2024-11-01 11:05:16 +01:00
Jeremy Benoist
898890c371
Fix tests 2024-07-15 13:11:18 +02:00
Yassine Guedidi
9bef459882 Make Redirect helper supports only absolute path reference URLs 2023-12-28 21:48:48 +01:00
Yassine Guedidi
7ebc96f3b9 Remove session-based redirection 2023-12-28 21:42:26 +01:00
Yassine Guedidi
f4493f7472 Remove support for fallback in Redirect helper 2023-12-28 21:42:12 +01:00
Jeremy Benoist
fa107116cc
Prepare 2.6.7 release 2023-10-02 14:14:34 +02:00
Kevin Decherf
aa06e8328e ConfigController: remove 2fa cancel step 
This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-steps validation

Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This need rework
when possible.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-09-30 00:49:58 +02:00
Kevin Decherf
5240684be9 ConfigController: move OTP endpoints to POST method only 
Fixes GHSA-56fm-hfp3-x3w3

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-09-30 00:49:58 +02:00
Nicolas Lœuillet
ffcc5c9062
Merge pull request from GHSA-gjvc-55fw-v6vq 
Replace GET way to POST way to delete API client
 2023-08-21 11:08:47 +02:00
Nicolas Lœuillet
78b0b55c40
Merge pull request from GHSA-p8gp-899c-jvq9 
Replace GET way to POST way to reset data user
 2023-08-21 11:08:24 +02:00
Nicolas Lœuillet
383dcc5c45
Merge pull request #6119 from Spoons/feat_referer_to_session_redirect 
Fix: Use Session instead of Referrer for Redirection
 2023-08-21 10:32:03 +02:00
Nicolas Lœuillet
c3d1f92278 Replace GET way to POST way to delete API client 2023-08-09 21:54:40 +02:00
Nicolas Lœuillet
a9893d754f Replace GET way to POST way to reset data user 
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
 2023-08-09 21:39:03 +02:00
Kevin Decherf
0ccbd653fa
Merge pull request #6812 from yguedidi/make-crawler-extract-get-an-array 
Make Crawler::extract get an array
 2023-08-09 11:03:03 +02:00
Kevin Decherf
815158fefa
Merge pull request #6813 from yguedidi/replace-client-by-kernelbrowser 
Replace Client by KernelBrowser
 2023-08-08 23:36:06 +02:00
Kevin Decherf
807d473564
Merge pull request #6811 from yguedidi/replace-getresponseevent-by-requestevent 
Replace GetResponseEvent by RequestEvent
 2023-08-08 16:53:18 +02:00
Yassine Guedidi
ec33ec14e5 Replace Client by KernelBrowser 2023-08-08 02:55:35 +01:00
Yassine Guedidi
093003d9af Make Crawler::extract get an array 2023-08-07 22:51:18 +01:00
Yassine Guedidi
58a0ca2622 Replace GetResponseEvent by RequestEvent 2023-08-07 22:34:47 +01:00
Michael Ciociola
ced2ea4015
Merge branch 'master' into feat_referer_to_session_redirect 2023-08-06 20:14:44 +00:00
Yassine Guedidi
7d78e2ae06 Ensure the kernel is shut down before calling createClient 2023-08-06 13:48:53 +01:00
Nicolas Lœuillet
5fe5551972 Fix failing randomly test 2023-07-27 07:55:42 +02:00
Nicolas Lœuillet
c75d3e6961 Remove twofactor_auth parameter 
Fix #6649
 2023-07-15 16:18:01 +02:00
Nicolas Lœuillet
6639f7da6d Fix export for same domain entries 2023-06-29 19:59:08 +02:00
Nicolas Lœuillet
28db6c22eb
Fix duplicate tags creation when assigning search results to tag 
Fixes #6330
 2023-06-17 15:19:59 +02:00
Nicolas Lœuillet
7eddea6ff7
Added test 2023-06-16 14:27:27 +02:00
Nicolas Lœuillet
19322142c3
Fixed testsuite 2023-06-16 14:27:26 +02:00
Simounet
e5b72f3123
Fix Stylelint errors 2023-06-12 18:15:38 +02:00
Jérémy Benoist
bea10aacbe
Merge pull request #6562 from Simounet/fix/downloadimages-redirect-following 
Fix DownloadImages not following redirections
 2023-05-31 15:04:02 +02:00
Simounet
548b610a17
Fix images downloading with numeric HTML entity 2023-05-30 13:38:50 +02:00
Simounet
2f944aa74a
Fix DownloadImages not following redirections 2023-05-30 12:41:00 +02:00
Jeremy Benoist
66b7bdd07c
Merge remote-tracking branch 'origin/2.5.x' 2023-04-24 14:36:32 +02:00