wallabag/tests/Wallabag/CoreBundle/Controller
Kevin Decherf 3ed7f2b751 AnnotationController: fix improper authorization vulnerability
This PR is based on 2.5.x branch.

We fix the improper authorization by retrieving the annotation using id
and user id.

We also replace the ParamConverter used to get the requested Annotation
on put and delete actions with an explicit call to AnnotationRepository
in order to prevent a resource enumeration through response discrepancy.

Fixes GHSA-mrqx-mjc4-vfh3

Co-authored-by: Jeremy Benoist <jeremy.benoist@gmail.com>
Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
2023-01-27 23:34:14 +01:00
ConfigControllerTest.php AnnotationController: fix improper authorization vulnerability 2023-01-27 23:34:14 +01:00
EntryControllerTest.php Fix tests 2023-01-16 10:21:37 +01:00
ExportControllerTest.php Replace iconv() calls with Transliterator 2022-03-21 22:12:11 +01:00
FeedControllerTest.php this change adds an option to sort the feed entries by updated_at 2022-03-14 22:58:45 +01:00
IgnoreOriginInstanceRuleControllerTest.php Fix deprecated method in tests 2020-06-15 14:21:35 +02:00
SecurityControllerTest.php Fix deprecated method in tests 2020-06-15 14:21:35 +02:00
SettingsControllerTest.php Add a real configuration for CS-Fixer 2017-07-01 09:52:38 +02:00
SiteCredentialControllerTest.php Fix deprecated method in tests 2020-06-15 14:21:35 +02:00
StaticControllerTest.php Add a real configuration for CS-Fixer 2017-07-01 09:52:38 +02:00
TagControllerTest.php Fix tests 2022-04-20 23:13:17 +02:00