wallabag

mirror of https://github.com/wallabag/wallabag.git synced 2024-12-16 18:30:17 +01:00

History

Kevin Decherf 0fdd9aa991 ExportController: fix improper authorization vulnerability We fix the improper authorization by duplicating the check done by the private method EntryController::checkUserAction(). We also replace the ParamConverter used to get the requested Entry with an explicit call to EntryRepository in order to prevent a resource enumeration through response discrepancy. Thus, we get the same exception whether the requested resource does not exist or is not owned by the requester. Fixes GHSA-qwx8-mxxx-mg96 Signed-off-by: Kevin Decherf <kevin@kdecherf.com>		2023-01-20 15:09:38 +01:00
..
Command	Fix CS issues	2020-12-08 09:17:10 +01:00
Controller	ExportController: fix improper authorization vulnerability	2023-01-20 15:09:38 +01:00
Entity	Use lang attribute	2020-01-23 21:21:54 +01:00
Event	Ensure language is valid	2018-10-13 09:39:00 +02:00
fixtures	Add support to download SVG locally	2022-10-18 11:14:45 +02:00
Form/DataTransformer	Add missing TestCase namespace	2017-12-18 13:29:33 +01:00
GuzzleSiteAuthenticator	CS	2019-05-15 14:58:40 +02:00
Helper	Add support to download SVG locally	2022-10-18 11:14:45 +02:00
Mock	Jump to Symfony 3.1	2016-06-22 17:59:35 +02:00
ParamConverter	Fix deprecated method in tests	2020-06-15 14:21:35 +02:00
Tools	Counting two characters together as a word in CJK	2019-01-06 01:21:13 +08:00
Twig	Load custom.css only if exists	2020-02-07 13:21:48 +01:00
WallabagCoreTestCase.php	Fix tests	2020-12-10 10:30:34 +01:00