Commit Graph

13 Commits

Author SHA1 Message Date
Kevin Decherf
3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
Jérémy Benoist
6a0d49ab7a
Fix tests 2019-11-27 14:46:27 +01:00
adev
8197f08266
API return an error with empty quote
Fix #4137
2019-11-27 14:38:35 +01:00
Jeremy Benoist
1e0d8ad7b7
Enable PHPStan
- Fix error for level 0 & 1 (level 7 has 699 errors...)
- Add `updated_at` to site_credential (so the `timestamps()` method applies correctly)
2019-01-18 15:25:50 +01:00
Jeremy Benoist
8f2038e5b1
Fix tests 2018-11-28 22:04:55 +01:00
Jeremy Benoist
f808b01692
Add a real configuration for CS-Fixer 2017-07-01 09:52:38 +02:00
Jeremy Benoist
eb570e49c8
CS 2017-06-07 23:31:14 +02:00
adev
2c3e148b00 Displays an error with an annotation with a too long quote
Fix #2762
2017-06-04 11:38:29 +02:00
Nicolas Lœuillet
f24ea59ea4
Fixed migration and added tests 2016-10-28 10:55:39 +02:00
Jeremy Benoist
aa4741091f
Add test on /api/annotations
Fix controller forward in WallabagRestController.
Update PHPDoc so it is sorted the same way as others one
Duplicate all annotations test to use both api & normal way
Also, make annotation tests independent to each other
2016-10-22 12:09:20 +02:00
Nicolas Lœuillet
e5edb6e127
PHP CS 2016-10-22 09:06:07 +02:00
Thomas Citharel
0c271b9eb0
fix cs and phpdoc 2016-10-22 09:06:07 +02:00
Jeremy Benoist
23634d5d84 Jump to Symfony 3.1 2016-06-22 17:59:35 +02:00