amorfo77/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2026-04-07 16:48:54 +00:00
Code Issues Projects Releases Wiki Activity
10,861 Commits 21 Branches 216 Tags
f3ee820fa4ad453e7791241dce99c67e08eac33c
Commit Graph

886 Commits

Author SHA1 Message Date
shamoon
2f5bcdf66e Fix: dont defer tag change application in workflows (#12478) 2026-04-02 11:54:37 -07:00
shamoon
501cdd92d2 Fix: limit share link viewset actions (#12461) 2026-03-30 09:34:13 -07:00
shamoon
66c5c46913 Fix: add fallback ordering for documents by id after created (#12440) 2026-03-26 06:16:14 -07:00
shamoon
3292a0e7cc Fix: validate date CF value in serializer (#12410) 2026-03-21 08:49:52 -07:00
shamoon
cc71aad058 Fix: suggest corrections only if visible results 2026-03-21 01:24:23 -07:00
shamoon
3cbdf5d0b7 Fix: require view permission for more-like search 2026-03-21 01:20:59 -07:00
shamoon
f84e0097e5 Fix validate document link targets 2026-03-21 00:55:36 -07:00
shamoon
9e9fc6213c Resolve GHSA-96jx-fj7m-qh6x 2026-03-20 15:39:15 -07:00
Trenton H
0f7c02de5e Fix: test: add regression test for workflow save clobbering filename (#12390) 
Add test_workflow_document_updated_does_not_overwrite_filename to
verify that run_workflows (DOCUMENT_UPDATED path) does not revert a
DB filename that was updated by a concurrent bulk_update_documents
task's update_filename_and_move_files call.

The test replicates the race window by:
  - Updating the DB filename directly (simulating BUD-1 completing)
  - Mocking refresh_from_db so the stale in-memory filename persists
  - Asserting the DB filename is not clobbered after run_workflows

Relates to: https://github.com/paperless-ngx/paperless-ngx/issues/12386

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-18 13:31:09 -07:00
shamoon
b6501b0c47 Fix: avoid moving files if already moved (#12389) 2026-03-18 09:51:48 -07:00
shamoon
7942edfdf4 Fixhancement: only offer basic auth for appropriate requests (#12362) 2026-03-16 22:07:12 -07:00
shamoon
06b2d5102c Fix GHSA-59xh-5vwx-4c4q 2026-03-15 17:13:08 -07:00
shamoon
60319c6d37 Fix: prevent stale db filename during workflow actions (#12289) 2026-03-09 19:32:46 -07:00
shamoon
615f27e6fb Fix: support string coercion in filepath jinja templates (#12244) 2026-03-04 08:32:34 -08:00
shamoon
5b809122b5 Fix: apply ordering after annotating tag document count (#12238) 2026-03-04 00:33:13 -08:00
shamoon
8b8307571a Fix: enforce path limit for db filename fields (#12235) 2026-03-03 13:19:56 -08:00
shamoon
c7f83212a3 Enforce on selection_data too 2026-02-28 01:27:40 -08:00
shamoon
b010f65ae7 Fix GHSA-386h-chg4-cfw9 2026-02-28 01:16:53 -08:00
shamoon
afaf39e43a Fix/GHSA-x395-6h48-wr8v 2026-02-16 00:02:15 -08:00
shamoon
5cc3c087d9 Security: enforce ownership for permission updates 2026-01-30 13:55:55 -08:00
shamoon
c8c4c7c749 Security: enforce permissions for post_document 2026-01-30 12:14:18 -08:00
shamoon
72e8b73108 Fix test 2026-01-25 17:08:15 -08:00
shamoon
6f4497185e Fix merge conflict 2026-01-13 10:01:41 -08:00
shamoon
e816269db5 Fix: recurring workflow to respect latest run time (#11735) 2026-01-13 09:36:53 -08:00
shamoon
d4e60e13bf Fixhancement: add error handling and retry when opening index (#11731) 2026-01-13 09:36:44 -08:00
shamoon
cb091665e2 Fix: validate cf integer values within PostgreSQL range (#11666) 2026-01-13 09:36:29 -08:00
shamoon
11ec676909 Fix: propagate metadata override created value (#11659) 2026-01-13 09:36:07 -08:00
shamoon
7c457466b7 Security: prevent path traversal in storage paths 2026-01-13 09:29:48 -08:00
shamoon
078cba4bd1 Fix: allow safe <style> tags in SVG uploads (#11593) 2025-12-12 22:01:56 +00:00
Trenton H
d9a596d67a Fix: Expanded SVG validation whitelist and additional checks (#11590) 2025-12-12 20:04:04 +00:00
shamoon
9bdbfd362f Merge commit from fork 
* Add safe regex matching with timeouts and validation

* Remove redundant length check

* Remove timeouterror workaround
 2025-12-12 09:28:47 -08:00
shamoon
9ba1d93e15 Merge commit from fork 
* Uses a custom transport to resolve the slim chance of a DNS rebinding affecting the webhook

* Fix WebhookTransport hostname resolution and validation

* Fix test failures

* Lint

* Keep all internal logic inside WebhookTransport

* Fix test failure

* Update handlers.py

* Update handlers.py

---------

Co-authored-by: Trenton H <797416+stumpylog@users.noreply.github.com>
 2025-12-12 09:28:17 -08:00
shamoon
3b4d958b97 Performance: avoid unnecessary filename operations on bulk custom field updates (#11558) 2025-12-12 07:50:51 -08:00
shamoon
66d363bdc5 Chore: refactor workflows code (#11563) 2025-12-11 12:13:10 -08:00
shamoon
128c3539d5 Chore: fix set_permissions_for_object type (#11564) 2025-12-10 00:12:40 +00:00
shamoon
0c43b50f01 Fix: change async handling of select custom field updates (#11490) 2025-11-30 03:54:15 +00:00
shamoon
27966858fd Enhancement: add more relative dates, support modified (#11411) 2025-11-19 16:54:24 +00:00
shamoon
cf5ac596ed Performance: make move files after select custom field change async (#11391) 2025-11-19 15:21:33 +00:00
david-loe
7b175ec1b3 Development: fix correct test delete select option (#11406) 2025-11-18 19:28:52 +00:00
Ed Bardsley
36d45ecf4d Development: fix unreachable code around assertRaises blocks (#11365) 
* tests: general cleanup and fixes for runnning under docker

This now allows tests to be run under a locally built or production
docker image with something like:

  `docker run --rm -v $PWD:/usr/src/paperless --entrypoint=bash paperlessngx/paperless-ngx:latest -c "uv run pytest"`

Specific fixes:
- fix unreachable code around `assertRaises` blocks
- fix `assertInt` typos
- fix `str(e)` vs `str(e.exception)` issues
- skip permission-based checks when root (in a docker container)
- catch `OSError` problems when instantiating `INotify` and
  skip inotify-based tests when it's unavailable.

* Reverts most files to dev while keeping the exception assert fixes

---------

Co-authored-by: Trenton H <797416+stumpylog@users.noreply.github.com>
 2025-11-18 18:28:43 +00:00
shamoon
0e5ab7f3e0 Fix: support for custom field ordering w advanced search (#11383) 2025-11-17 20:47:55 +00:00
Ed Bardsley
c5ad148dc7 Fix: include BASE_URL when constructing doc_url for workflows (#11360) 
---------

Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com>
 2025-11-14 17:45:13 +00:00
shamoon
b12f1e757c Fixhancement: refactor email attachment logic (#11336) 2025-11-14 17:28:46 +00:00
shamoon
0219df5b67 Fixhancement: trim whitespace for some text searches (#11357) 2025-11-14 08:09:09 -08:00
shamoon
e9f846ca24 Fix: include replace none logic in storage path preview, improve jinja conditionals for empty metadata (#11315) 2025-11-08 13:31:57 -08:00
shamoon
2a9d1fce0d Chore: include password validation on user edit (#11308) 2025-11-07 11:20:27 -08:00
shamoon
ad45e3f747 Fix: respect fields parameter for created field (#11251) 2025-11-01 13:13:39 -07:00
shamoon
a0d3527d20 Fixhancement: truncate large logs, improve auto-scroll (#11239) 2025-11-01 07:49:52 -07:00
shamoon
b9aced07fb Chore: cache Github version check for 15 minutes (#11235) 2025-10-30 13:53:30 -07:00
shamoon
b60fb8ed82 Fix: remove unnecessary permission requirements for new email endpoint (#11215) 2025-10-29 07:14:51 -07:00