Commit Graph

860 Commits

Author SHA1 Message Date
shamoon 11ec676909 Fix: propagate metadata override created value (#11659) 2026-01-13 09:36:07 -08:00
shamoon 7c457466b7 Security: prevent path traversal in storage paths 2026-01-13 09:29:48 -08:00
shamoon 078cba4bd1 Fix: allow safe <style> tags in SVG uploads (#11593) 2025-12-12 22:01:56 +00:00
Trenton H d9a596d67a Fix: Expanded SVG validation whitelist and additional checks (#11590) 2025-12-12 20:04:04 +00:00
shamoon 9bdbfd362f Merge commit from fork
* Add safe regex matching with timeouts and validation

* Remove redundant length check

* Remove timeouterror workaround
2025-12-12 09:28:47 -08:00
shamoon 9ba1d93e15 Merge commit from fork
* Uses a custom transport to resolve the slim chance of a DNS rebinding affecting the webhook

* Fix WebhookTransport hostname resolution and validation

* Fix test failures

* Lint

* Keep all internal logic inside WebhookTransport

* Fix test failure

* Update handlers.py

* Update handlers.py

---------

Co-authored-by: Trenton H <797416+stumpylog@users.noreply.github.com>
2025-12-12 09:28:17 -08:00
shamoon 3b4d958b97 Performance: avoid unnecessary filename operations on bulk custom field updates (#11558) 2025-12-12 07:50:51 -08:00
shamoon 66d363bdc5 Chore: refactor workflows code (#11563) 2025-12-11 12:13:10 -08:00
shamoon 128c3539d5 Chore: fix set_permissions_for_object type (#11564) 2025-12-10 00:12:40 +00:00
shamoon 0c43b50f01 Fix: change async handling of select custom field updates (#11490) 2025-11-30 03:54:15 +00:00
shamoon 27966858fd Enhancement: add more relative dates, support modified (#11411) 2025-11-19 16:54:24 +00:00
shamoon cf5ac596ed Performance: make move files after select custom field change async (#11391) 2025-11-19 15:21:33 +00:00
david-loe 7b175ec1b3 Development: fix correct test delete select option (#11406) 2025-11-18 19:28:52 +00:00
Ed Bardsley 36d45ecf4d Development: fix unreachable code around assertRaises blocks (#11365)
* tests: general cleanup and fixes for runnning under docker

This now allows tests to be run under a locally built or production
docker image with something like:

  `docker run --rm -v $PWD:/usr/src/paperless --entrypoint=bash paperlessngx/paperless-ngx:latest -c "uv run pytest"`

Specific fixes:
- fix unreachable code around `assertRaises` blocks
- fix `assertInt` typos
- fix `str(e)` vs `str(e.exception)` issues
- skip permission-based checks when root (in a docker container)
- catch `OSError` problems when instantiating `INotify` and
  skip inotify-based tests when it's unavailable.

* Reverts most files to dev while keeping the exception assert fixes

---------

Co-authored-by: Trenton H <797416+stumpylog@users.noreply.github.com>
2025-11-18 18:28:43 +00:00
shamoon 0e5ab7f3e0 Fix: support for custom field ordering w advanced search (#11383) 2025-11-17 20:47:55 +00:00
Ed Bardsley c5ad148dc7 Fix: include BASE_URL when constructing doc_url for workflows (#11360)
---------

Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com>
2025-11-14 17:45:13 +00:00
shamoon b12f1e757c Fixhancement: refactor email attachment logic (#11336) 2025-11-14 17:28:46 +00:00
shamoon 0219df5b67 Fixhancement: trim whitespace for some text searches (#11357) 2025-11-14 08:09:09 -08:00
shamoon e9f846ca24 Fix: include replace none logic in storage path preview, improve jinja conditionals for empty metadata (#11315) 2025-11-08 13:31:57 -08:00
shamoon 2a9d1fce0d Chore: include password validation on user edit (#11308) 2025-11-07 11:20:27 -08:00
shamoon ad45e3f747 Fix: respect fields parameter for created field (#11251) 2025-11-01 13:13:39 -07:00
shamoon a0d3527d20 Fixhancement: truncate large logs, improve auto-scroll (#11239) 2025-11-01 07:49:52 -07:00
shamoon b9aced07fb Chore: cache Github version check for 15 minutes (#11235) 2025-10-30 13:53:30 -07:00
shamoon b60fb8ed82 Fix: remove unnecessary permission requirements for new email endpoint (#11215) 2025-10-29 07:14:51 -07:00
shamoon d718d7d29f Fix: add root tag filtering for tag list page consistency, fix toggle all (#11208) 2025-10-28 11:04:22 -07:00
shamoon 48d21da13b Fix: support ConsumableDocument in email attachments (#11196) 2025-10-27 10:37:57 -07:00
shamoon 63dab0ab09 Change: restrict superuser modifications to superusers only 2025-10-24 16:25:59 -07:00
shamoon 13161ebb01 Fix: retrieve document_count for tag children (#11125) 2025-10-22 11:13:15 -07:00
shamoon fcae006afa Tweak: improve tag parent validation error handling (#11096) 2025-10-20 22:42:01 -07:00
Jan Kleine 340754d865 Enhancement: use friendly file names when emailing documents (#11055) 2025-10-15 17:10:25 +00:00
shamoon f6c004183e Feature: Advanced Workflow Trigger Filters (#11029) 2025-10-13 22:23:56 +00:00
Jan Kleine f0d1c75fac Feature: add support for emailing multiple documents (#10666)
---------

Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com>
2025-10-13 13:16:43 -07:00
shamoon df86882e8e Fix: require only change permissions for task dismissal, add frontend error handling (#11023) 2025-10-07 00:56:16 -07:00
shamoon 79b30fbade Enhancement: ignore same files in sanity checker as consumer (#10999) 2025-10-06 09:59:01 -07:00
shamoon d6710de486 Chore: refactor for clarity 2025-09-30 12:16:22 -07:00
Antoine Mérino 3df43d828a Performance: Cache django-guardian permissions when counting documents (#10657)
Fixes N+1 queries in tag, correspondent, storage path, custom field,
and document type list views.
Reduces SQL queries from 160 to 9.
2025-09-30 09:48:44 -07:00
DerRockWolf 4ff09c4cf4 Enhancement: support workflow path matching of barcode-split documents (#10723) 2025-09-24 21:03:03 +00:00
shamoon 6119c215e7 Fix: skip fuzzy matching for empty document content (#10914) 2025-09-22 23:30:24 -07:00
shamoon 0e35acaef5 Fix: add extra error handling to _consume for file checks (#10897) 2025-09-21 13:21:40 -07:00
shamoon 6dbd32759d Enhancement: support custom field values on post document (#10859) 2025-09-17 22:42:06 +00:00
shamoon 4cff907ba0 Feature: Nested Tags (#10833)
---------

Co-authored-by: Trenton H <797416+stumpylog@users.noreply.github.com>
2025-09-17 21:41:39 +00:00
dependabot[bot] 4ddac79f0f Chore(deps): Bump the small-changes group across 1 directory with 3 updates (#10880)
* Chore(deps): Bump the small-changes group across 1 directory with 3 updates

Bumps the small-changes group with 3 updates in the / directory: [ocrmypdf](https://github.com/ocrmypdf/OCRmyPDF), [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [ruff](https://github.com/astral-sh/ruff).


Updates `ocrmypdf` from 16.10.4 to 16.11.0
- [Release notes](https://github.com/ocrmypdf/OCRmyPDF/releases)
- [Changelog](https://github.com/ocrmypdf/OCRmyPDF/blob/main/docs/release_notes.md)
- [Commits](https://github.com/ocrmypdf/OCRmyPDF/compare/v16.10.4...v16.11.0)

Updates `mkdocs-material` from 9.6.19 to 9.6.20
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.6.19...9.6.20)

Updates `ruff` from 0.12.12 to 0.13.0
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.12.12...0.13.0)

---
updated-dependencies:
- dependency-name: ocrmypdf
  dependency-version: 16.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: small-changes
- dependency-name: mkdocs-material
  dependency-version: 9.6.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: small-changes
- dependency-name: ruff
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: small-changes
...

Signed-off-by: dependabot[bot] <support@github.com>

* Applies the new Ruff rule for unpacking

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Trenton H <797416+stumpylog@users.noreply.github.com>
2025-09-17 13:16:34 -07:00
shamoon 1709aee903 Development: fix localization failing tests (#10840)
---------

Co-authored-by: Trenton H <797416+stumpylog@users.noreply.github.com>
2025-09-12 16:42:52 -07:00
david-loe 2dc4f1f49b Enhancement: add storage path as workflow trigger filter (#10771)
---------

Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com>
2025-09-11 17:41:04 +00:00
sidey79 9e11e7fd05 Enhancement: jinja template support for workflow title assignment (#10700)
---------

Co-authored-by: Trenton Holmes <797416+stumpylog@users.noreply.github.com>
Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com>
2025-09-11 06:56:16 -07:00
Antoine Mérino 8adc26e09d Enhancement: Limit excessively long content length when computing suggestions (#10656)
This helps prevent excessive processing times on very large documents
by limiting the text analyzed during date parsing, tag prediction,
and correspondent matching.

If the document exceeds 1.2M chars, crop to 1M char.
2025-09-09 13:02:16 -07:00
Sebastian Steinbeißer d2064a2535 Chore: switch from os.path to pathlib.Path (#10539) 2025-09-03 08:12:41 -07:00
shamoon cb927c5b22 Fix: include application config language settings for dateparser auto-detection (#10722) 2025-08-31 15:22:39 -07:00
shamoon 0ccc2da9bb Fix some tests from b1c406680f 2025-08-16 07:53:48 -07:00
shamoon b1c406680f Merge commit from fork
* Security: prevent XSS with storage path template rendering

* Security: prevent XSS svg uploads

* Security: force attachment disposition for logo

* Add suggestions from code review

* Improve SVG validation with allowlist for tags and attributes
2025-08-16 07:34:00 -07:00