89 Commits

Author SHA1 Message Date
Ben Irvin
1a56693a91 cleanup 2023-08-17 17:24:11 +02:00
Ben Irvin
dd080bf280 fix missing sanitize 2023-08-11 17:08:03 +02:00
Ben Irvin
c1f0f87949 fix typo 2023-08-11 17:04:11 +02:00
Ben Irvin
dce86bec5c validate does not sanitize 2023-08-11 13:13:44 +02:00
Ben Irvin
995473d959 add utils.validate and replace sanitize usage 2023-08-10 15:24:35 +02:00
Marc-Roig
087ff3765b chore: create util to check if folder is the same as another one or a child one 2023-05-22 10:06:37 +02:00
Marc-Roig
4870920918 fix: improve path match on check if folder is movable 2023-05-17 18:08:02 +02:00
Marc-Roig
1e1b62ef23 sign file urls when uploading files 2023-03-21 15:27:32 +01:00
Marc-Roig
456bdcba33 Merge branch 'main' into feature/private-s3-bucket 2023-03-21 14:59:26 +01:00
Ben Irvin
801e3db415 add traverse query
fix single type

fix query

sanitize pagination count params

add comments

Cleanup the params/filters sanitize helpers

sanitize association resolver

Sanitize sort

fix graphql single type

fix graphql types

fix addFindQuery

Sanitize fields

Update sanitize sort to handle all the different formats

Update fields sanitize to handle regular strings & wildcard

Fix non scalar recursion

Add a traverse factory

Add visitor to remove dz & morph relations

Replace the old traverse utils (sort, filters) by one created using the traverse factory

add sanitize populate

await args

fix async and duplicate sanitization

sanitize u&p params

Add traverse fields

Fix traverse & sanitize fields

add traverse fields to nested populate

sanitize admin api filter queries

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

sanitize sort params in admin API

todo

make token fields unsearchable with _q

sanitize delete mutation

Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js

Co-authored-by: Jamie Howard <48524071+jhoward1994@users.noreply.github.com>

fix errors on queries without ctx

rename findParams to sanitizedParams

Sanitize queries everywhere in the content manager admin controllers

sanitize single type update and delete

Ignore non attribute keys in the sanitize sort

Fix the sanitize query sort for nested string sort

Fix permission check for the admin

typo

sanitize upload

sanitize admin media library

sanitize admin users

Add missing await

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

set U&P users fields to searchable:false

add token support to createContentAPIRequest

add searchable:false to getstarted U&P schema

remove comment

sanitize component resolver

remove await

add searchable false to the file's folder path

Fix admin query when the permission query is set to null

add basic tests for filtering private params

add tests for fields

add pagination tests

Fix admin user fields not being sanitized

Fix convert query params for the morph fragment on undefined value

Traverse dynamic zone on nested populate

Handle nested sort, filters & fields in populate queries + handle populate fragment for morphTo relations

Sanitize 'on' subpopulate

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

don't throw error on invalid attributes

check models for snake case column name instead of assuming they are operators

Add first batch of api tests for params sanitize

Fix sort traversal: handle object arrays

Put back removePassword for fields,sort,filters

Add schemas and fixtures for sanitize api tests

Add tests for relations (sanitize api tests)

Move constant to domain scope

Rename sanitize params to sanitize query

Fix typo

Cleanup fixtures file

Fix variable name conflict

Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js

Co-authored-by: Alexandre BODIN <alexandrebodin@users.noreply.github.com>

Update comment for array filters

Rename sanitize test

Test implicit & explicit array operator for filter

Remove unused code
2023-03-15 14:59:19 +01:00
Marc-Roig
d21490e7a9 sign files when replacing image 2023-02-22 16:12:58 +01:00
Marc-Roig
79d2044e5b remove proxy controller 2023-02-19 18:08:54 +01:00
Marc-Roig
a38e36ac6d sign file is non mutating now 2023-02-19 18:08:44 +01:00
Marc-Roig
11c4b9df3a make file signing non mutating 2023-02-11 17:37:28 +01:00
Marc-Roig
4e6731ec58 make s3 bucket private 2023-02-09 15:02:15 +01:00
Nathan Pichon
fa8a108af9 Merge branch 'main' into fix/issue-9308-File_upload_related_fields_returning_null 2023-02-02 16:16:48 +01:00
nathan-pichon
2f1b44db8a fix(upload): add populate query to findOne method 2023-01-18 17:23:14 +01:00
Bassel
faf4d728cd Merge branch 'main' into chore/transactions 2023-01-13 12:26:20 +02:00
Bassel
12dd68f4a7 Improve transaction API:
- make it possible to have nested transactions
- wrap the knex transaction api and apply changes everywhere it was used
2023-01-13 12:23:30 +02:00
Jamie Howard
07febfa69e Merge remote-tracking branch 'origin/main' into feature/media-library-ctv 2022-12-16 13:57:57 +00:00
Jamie Howard
268efc629f chore(upload): review feedback 2022-12-12 10:05:22 +00:00
ivanThePleasant
2af669c961 Merge branch 'main' into chore/user-level-data 2022-11-23 09:35:16 +02:00
Jamie Howard
a0aa2b0901 Merge remote-tracking branch 'origin/main' into feature/media-library-ctv 2022-11-22 11:05:34 +00:00
Jamie Howard
358e26ed18 chore(upload) 2022-11-22 11:04:45 +00:00
Pierre Noël
9ff4f19660 fix schema support for postgres when using raw queries 2022-11-17 10:08:49 +01:00
Jamie Howard
c8c1678006 feat(upload): configure the view
test: e2e
chore: naming
2022-10-31 17:21:51 +00:00
ivanThePleasant
16c0e79557 Revert to use crypto module on the server code, fix couple of minor code issues 2022-10-25 16:42:47 +03:00
ivanThePleasant
01bb760793 Clean up unnecessary code 2022-09-29 14:15:07 +03:00
ivanThePleasant
5a4362faf7 Refactor changes to use request context 2022-09-29 11:24:11 +03:00
ivanThePleasant
b5c98ae0cd Refactor event calls to follow old format, encapsulate hashing in the sender, refactor the format of event payload to better correspond to the new api 2022-09-02 14:43:51 +03:00
ivanThePleasant
459de9774d Refactor hash function, add uuid to the admin hash, remove debug console logs 2022-08-16 11:58:15 +03:00
ivanThePleasant
3ead6f2487 Move hash function to user services instead of it being a separate service 2022-08-12 10:19:40 +03:00
ivanThePleasant
7e5b38d588 Merge branch 'master' into chore/user-level-data 2022-08-11 18:28:58 +03:00
ivanThePleasant
f8ac76491f Convert all server events to new format, refactor admin events userAdminId, refactor tests 2022-08-11 15:56:39 +03:00
Alexandre Bodin
cf49ddbbfc Prettier and backend fix 2022-08-11 10:20:49 +02:00
Alexandre Bodin
0ae14c06cb 1st fix pass 2022-08-11 10:20:48 +02:00
ivanThePleasant
7291d2e6cf Change user hashing to be a service on admin, introduce adminUserId property to the send function, refactor several events 2022-08-09 12:20:25 +03:00
WalkingPizza
544b1258dd Properly flag that upload has multiple files 2022-08-08 15:26:09 +02:00
WalkingPizza
4e1d735803 Generate a fileInfo array on when necessary 2022-08-08 15:08:26 +02:00
WalkingPizza
073e6cc3be Generate fileInfo for every file when uploading in bulk 2022-08-08 15:00:12 +02:00
Pierre Noël
acb6ceae15 add backend telemetry events in ML 2022-07-13 13:29:12 +02:00
Gustav Hansen
4fcb38d53d Merge branch 'master' into features/ML-folder 2022-07-05 12:53:51 +02:00
Pierre Noël
87056ebd87 allow the query params for GET folder 2022-06-14 09:32:45 +01:00
Pierre Noël
ab2406b93d fix sql concat call 2022-06-13 09:19:18 +01:00
Pierre Noël
1e66f567f8 change folder uid for pathId 2022-06-13 09:16:26 +01:00
Pierre Noël
71f43f0f7a use a transaction for bulk move 2022-05-23 14:31:05 +02:00
Pierre Noël
b7e82614f6 remove pagination on GET /folders 2022-05-20 10:25:58 +02:00
Pierre Noël
eb2ec33426 default populate files 2022-05-19 17:17:06 +02:00
Pierre Noël
6d5ab53f2f add findOne route for folders 2022-05-19 10:52:32 +02:00
Pierre Noël
c3265a74d3 add test move folder inside itself 2022-05-17 11:54:28 +02:00