yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-08-07 08:16:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
30,539 Commits 112 Branches 488 Tags
Commit Graph

282 Commits

Author SHA1 Message Date
Jean-Sébastien Herbaux
7ec5466c22
Merge pull request from GHSA-9xg4-3qfm-9w8f 
Improve sanitization in sanitizeQuery and convertQueryParams
 2023-06-07 12:06:40 +02:00
Ben Irvin
e736474f1a Merge branch 'main' of https://github.com/strapi/strapi into fix/clean-filters 2023-06-05 11:26:38 +02:00
Jamie Howard
96bfeca3db Merge remote-tracking branch 'origin/main' into webhooks/edit-view 2023-06-02 11:14:18 +01:00
Jamie Howard
ca1ed38fea
Merge pull request #16835 from strapi/feature/set-webhook-events 2023-06-02 11:00:25 +01:00
Jamie Howard
780f71ab9f Merge remote-tracking branch 'origin/main' into webhooks/edit-view 2023-06-01 17:04:03 +01:00
nathan-pichon
c8995460ac
fix(content-types): remove getter for private attributes 
+ Fixes a flaky test (transactions.test.api.js)
 2023-05-31 11:45:26 +02:00
Jamie Howard
506c495d91 feature: replace webhook validation with webhook store 2023-05-25 12:34:52 +01:00
Ben Irvin
eefdae1e5e require matching case for operators 2023-05-22 10:27:39 +02:00
Ben Irvin
5c5d27247b remove case sensitivity 2023-05-18 17:16:02 +02:00
Ben Irvin
6827350469 allow id filter 2023-05-18 17:01:20 +02:00
Ben Irvin
6ffb7f99e1 remove case insensitivity from id check 2023-05-18 10:00:04 +02:00
Ben Irvin
cb0225e316
Update packages/core/utils/lib/convert-query-params.js 
Co-authored-by: Jean-Sébastien Herbaux <jean-sebastien.herbaux@epitech.eu>
 2023-05-12 16:49:09 +02:00
Ben Irvin
00f43de9b7
Update packages/core/utils/lib/operators.js 
Co-authored-by: Jean-Sébastien Herbaux <jean-sebastien.herbaux@epitech.eu>
 2023-05-12 16:48:26 +02:00
Ben Irvin
8b08534ec8
Update packages/core/utils/lib/operators.js 
Co-authored-by: Jean-Sébastien Herbaux <jean-sebastien.herbaux@epitech.eu>
 2023-05-12 16:48:18 +02:00
Ben Irvin
53de017ad0 export isOperator and isOperatorOfType directly 2023-05-12 12:50:22 +02:00
Ben Irvin
d961309386 remove comment 2023-05-12 12:14:23 +02:00
Ben Irvin
b3998432d7 only allow attributes and operators on filters 
Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>
 2023-05-12 12:13:56 +02:00
Ben Irvin
980edbbcce move operators to utils 2023-05-12 12:13:29 +02:00
Ben Irvin
7747d1d3d1 initial commit 2023-05-05 13:11:59 +02:00
Jamie Howard
05cee5cbd7 Merge remote-tracking branch 'origin/main' into feature/review-workflow 2023-04-11 14:15:43 +01:00
Alexandre BODIN
942e646d28
Perf optimizations (#16117) 
Co-authored-by: Marc-Roig <marc12info@gmail.com>
 2023-03-21 18:37:21 +01:00
Gustav Hansen
95a8cd84bd Merge branch 'main' into feature/review-workflow 2023-03-21 17:45:49 +01:00
DMehaffy
b07fc41d84
Add Not implemented error class (#15938) 2023-03-21 14:42:45 +01:00
Jamie Howard
64a0f9eb50 Merge remote-tracking branch 'origin/main' into feature/review-workflow 2023-03-20 11:42:58 +00:00
Convly
3351b78b5b Prettier fix 2023-03-20 10:16:31 +01:00
Convly
fbb22891a8 Allow to sort by ID in the sort sanitize operations 2023-03-20 10:11:33 +01:00
Gustav Hansen
0a008881ef Merge branch 'main' into feature/review-workflow 2023-03-16 15:49:45 +01:00
Convly
ae5481026b Fix broken populate traversal with no fragment 2023-03-16 14:30:07 +01:00
Convly
1b6a6926e6 Merge branch 'releases/4.8.0' into main 2023-03-15 16:35:26 +01:00
Ben Irvin
801e3db415 add traverse query 
fix single type

fix query

sanitize pagination count params

add comments

Cleanup the params/filters sanitize helpers

sanitize association resolver

Sanitize sort

fix graphql single type

fix graphql types

fix addFindQuery

Sanitize fields

Update sanitize sort to handle all the different formats

Update fields sanitize to handle regular strings & wildcard

Fix non scalar recursion

Add a traverse factory

Add visitor to remove dz & morph relations

Replace the old traverse utils (sort, filters) by one created using the traverse factory

add sanitize populate

await args

fix async and duplicate sanitization

sanitize u&p params

Add traverse fields

Fix traverse & sanitize fields

add traverse fields to nested populate

sanitize admin api filter queries

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

sanitize sort params in admin API

todo

make token fields unsearchable with _q

sanitize delete mutation

Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js

Co-authored-by: Jamie Howard <48524071+jhoward1994@users.noreply.github.com>

fix errors on queries without ctx

rename findParams to sanitizedParams

Sanitize queries everywhere in the content manager admin controllers

sanitize single type update and delete

Ignore non attribute keys in the sanitize sort

Fix the sanitize query sort for nested string sort

Fix permission check for the admin

typo

sanitize upload

sanitize admin media library

sanitize admin users

Add missing await

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

set U&P users fields to searchable:false

add token support to createContentAPIRequest

add searchable:false to getstarted U&P schema

remove comment

sanitize component resolver

remove await

add searchable false to the file's folder path

Fix admin query when the permission query is set to null

add basic tests for filtering private params

add tests for fields

add pagination tests

Fix admin user fields not being sanitized

Fix convert query params for the morph fragment on undefined value

Traverse dynamic zone on nested populate

Handle nested sort, filters & fields in populate queries + handle populate fragment for morphTo relations

Sanitize 'on' subpopulate

Co-authored-by: Jean-Sébastien Herbaux <Convly@users.noreply.github.com>

don't throw error on invalid attributes

check models for snake case column name instead of assuming they are operators

Add first batch of api tests for params sanitize

Fix sort traversal: handle object arrays

Put back removePassword for fields,sort,filters

Add schemas and fixtures for sanitize api tests

Add tests for relations (sanitize api tests)

Move constant to domain scope

Rename sanitize params to sanitize query

Fix typo

Cleanup fixtures file

Fix variable name conflict

Update packages/core/admin/server/services/permission/permissions-manager/sanitize.js

Co-authored-by: Alexandre BODIN <alexandrebodin@users.noreply.github.com>

Update comment for array filters

Rename sanitize test

Test implicit & explicit array operator for filter

Remove unused code
 2023-03-15 14:59:19 +01:00
Christian
de282d558e
Merge branch 'main' into add-env-oneof 2023-03-10 14:20:34 +01:00
Andrew Luca
73f6631a92 Add oneOf env helper for union values 2023-03-02 11:57:59 +02:00
Marc
8ac67d6b8b
Update packages/core/utils/lib/content-types.js 
Co-authored-by: Alexandre BODIN <alexandrebodin@users.noreply.github.com>
 2023-03-02 09:17:44 +01:00
Marc-Roig
571ed83628 use optional chaining on isPrivateAttribute 2023-02-28 16:38:33 +01:00
nathan-pichon
39fdfd3d40
feat(review-workflows): add options in content type builder 2023-02-20 18:58:09 +01:00
nathan-pichon
5029344805
feat(async-utils): use curryN instead of curry 2023-02-14 16:55:57 +01:00
Nathan Pichon
8fae1a80ec
Merge branch 'main' into feature/async-reduce-utils 2023-02-13 16:54:25 +01:00
nathan-pichon
83c297e298
test(async-utils): update test titles 2023-02-13 14:11:56 +01:00
Nathan Pichon
4fdff2f350
chore(async-utils): update typo 
Co-authored-by: Pierre Noël <petersg83@users.noreply.github.com>
 2023-02-13 14:02:56 +01:00
nathan-pichon
4c5e98b338
chore(async-utils): indent 2023-02-13 11:40:51 +01:00
nathan-pichon
477750650e
fix(async): arity for reduce func and awaited value 2023-02-13 11:38:54 +01:00
nathan-pichon
5b0e7f6903
feat(utils): add reduceAsync 2023-02-13 11:38:37 +01:00
Marc
9248812218
Merge branch 'main' into fix/pagination-in-relations-graphql 2023-02-13 10:32:37 +01:00
Marc
9818b82377
Merge pull request #15693 from strapi/fix/publication-state-in-relations-graphql 
[Fix]: Graphql accept publication state argument in relations
 2023-02-13 10:26:39 +01:00
nathan-pichon
57009a0f30
fix(file-utils): rewrite requires 2023-02-08 15:57:14 +01:00
nathan-pichon
5316123801
fix(upload-local-provider): use package require instead of absolute path 2023-02-08 15:33:49 +01:00
Marc-Roig
0b641bc05e pass options to forEachAsync 2023-02-06 19:11:58 +01:00
Marc-Roig
7b14ee6a35 implement forEachAsync 2023-02-06 15:59:47 +01:00
Marc-Roig
02d467f933 remove mapAsyncDialects 2023-02-06 15:39:47 +01:00
Marc-Roig
4f4b424197 fix mapAsyncDialects type 2023-02-06 11:06:18 +01:00