Commit Graph

879 Commits

Author SHA1 Message Date
shamoon 9e9fc6213c Resolve GHSA-96jx-fj7m-qh6x 2026-03-20 15:39:15 -07:00
Trenton H 0f7c02de5e Fix: test: add regression test for workflow save clobbering filename (#12390)
Add test_workflow_document_updated_does_not_overwrite_filename to
verify that run_workflows (DOCUMENT_UPDATED path) does not revert a
DB filename that was updated by a concurrent bulk_update_documents
task's update_filename_and_move_files call.

The test replicates the race window by:
  - Updating the DB filename directly (simulating BUD-1 completing)
  - Mocking refresh_from_db so the stale in-memory filename persists
  - Asserting the DB filename is not clobbered after run_workflows

Relates to: https://github.com/paperless-ngx/paperless-ngx/issues/12386

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-18 13:31:09 -07:00
shamoon b6501b0c47 Fix: avoid moving files if already moved (#12389) 2026-03-18 09:51:48 -07:00
shamoon 7942edfdf4 Fixhancement: only offer basic auth for appropriate requests (#12362) 2026-03-16 22:07:12 -07:00
shamoon 06b2d5102c Fix GHSA-59xh-5vwx-4c4q 2026-03-15 17:13:08 -07:00
shamoon 60319c6d37 Fix: prevent stale db filename during workflow actions (#12289) 2026-03-09 19:32:46 -07:00
shamoon 615f27e6fb Fix: support string coercion in filepath jinja templates (#12244) 2026-03-04 08:32:34 -08:00
shamoon 5b809122b5 Fix: apply ordering after annotating tag document count (#12238) 2026-03-04 00:33:13 -08:00
shamoon 8b8307571a Fix: enforce path limit for db filename fields (#12235) 2026-03-03 13:19:56 -08:00
shamoon c7f83212a3 Enforce on selection_data too 2026-02-28 01:27:40 -08:00
shamoon b010f65ae7 Fix GHSA-386h-chg4-cfw9 2026-02-28 01:16:53 -08:00
shamoon afaf39e43a Fix/GHSA-x395-6h48-wr8v 2026-02-16 00:02:15 -08:00
shamoon 5cc3c087d9 Security: enforce ownership for permission updates 2026-01-30 13:55:55 -08:00
shamoon c8c4c7c749 Security: enforce permissions for post_document 2026-01-30 12:14:18 -08:00
shamoon 72e8b73108 Fix test 2026-01-25 17:08:15 -08:00
shamoon 6f4497185e Fix merge conflict 2026-01-13 10:01:41 -08:00
shamoon e816269db5 Fix: recurring workflow to respect latest run time (#11735) 2026-01-13 09:36:53 -08:00
shamoon d4e60e13bf Fixhancement: add error handling and retry when opening index (#11731) 2026-01-13 09:36:44 -08:00
shamoon cb091665e2 Fix: validate cf integer values within PostgreSQL range (#11666) 2026-01-13 09:36:29 -08:00
shamoon 11ec676909 Fix: propagate metadata override created value (#11659) 2026-01-13 09:36:07 -08:00
shamoon 7c457466b7 Security: prevent path traversal in storage paths 2026-01-13 09:29:48 -08:00
shamoon 078cba4bd1 Fix: allow safe <style> tags in SVG uploads (#11593) 2025-12-12 22:01:56 +00:00
Trenton H d9a596d67a Fix: Expanded SVG validation whitelist and additional checks (#11590) 2025-12-12 20:04:04 +00:00
shamoon 9bdbfd362f Merge commit from fork
* Add safe regex matching with timeouts and validation

* Remove redundant length check

* Remove timeouterror workaround
2025-12-12 09:28:47 -08:00
shamoon 9ba1d93e15 Merge commit from fork
* Uses a custom transport to resolve the slim chance of a DNS rebinding affecting the webhook

* Fix WebhookTransport hostname resolution and validation

* Fix test failures

* Lint

* Keep all internal logic inside WebhookTransport

* Fix test failure

* Update handlers.py

* Update handlers.py

---------

Co-authored-by: Trenton H <797416+stumpylog@users.noreply.github.com>
2025-12-12 09:28:17 -08:00
shamoon 3b4d958b97 Performance: avoid unnecessary filename operations on bulk custom field updates (#11558) 2025-12-12 07:50:51 -08:00
shamoon 66d363bdc5 Chore: refactor workflows code (#11563) 2025-12-11 12:13:10 -08:00
shamoon 128c3539d5 Chore: fix set_permissions_for_object type (#11564) 2025-12-10 00:12:40 +00:00
shamoon 0c43b50f01 Fix: change async handling of select custom field updates (#11490) 2025-11-30 03:54:15 +00:00
shamoon 27966858fd Enhancement: add more relative dates, support modified (#11411) 2025-11-19 16:54:24 +00:00
shamoon cf5ac596ed Performance: make move files after select custom field change async (#11391) 2025-11-19 15:21:33 +00:00
david-loe 7b175ec1b3 Development: fix correct test delete select option (#11406) 2025-11-18 19:28:52 +00:00
Ed Bardsley 36d45ecf4d Development: fix unreachable code around assertRaises blocks (#11365)
* tests: general cleanup and fixes for running under docker

This now allows tests to be run under a locally built or production
docker image with something like:

  `docker run --rm -v $PWD:/usr/src/paperless --entrypoint=bash paperlessngx/paperless-ngx:latest -c "uv run pytest"`

Specific fixes:
- fix unreachable code around `assertRaises` blocks
- fix `assertInt` typos
- fix `str(e)` vs `str(e.exception)` issues
- skip permission-based checks when root (in a docker container)
- catch `OSError` problems when instantiating `INotify` and
  skip inotify-based tests when it's unavailable.

* Reverts most files to dev while keeping the exception assert fixes

---------

Co-authored-by: Trenton H <797416+stumpylog@users.noreply.github.com>
2025-11-18 18:28:43 +00:00
shamoon 0e5ab7f3e0 Fix: support for custom field ordering w advanced search (#11383) 2025-11-17 20:47:55 +00:00
Ed Bardsley c5ad148dc7 Fix: include BASE_URL when constructing doc_url for workflows (#11360)
---------

Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com>
2025-11-14 17:45:13 +00:00
shamoon b12f1e757c Fixhancement: refactor email attachment logic (#11336) 2025-11-14 17:28:46 +00:00
shamoon 0219df5b67 Fixhancement: trim whitespace for some text searches (#11357) 2025-11-14 08:09:09 -08:00
shamoon e9f846ca24 Fix: include replace none logic in storage path preview, improve jinja conditionals for empty metadata (#11315) 2025-11-08 13:31:57 -08:00
shamoon 2a9d1fce0d Chore: include password validation on user edit (#11308) 2025-11-07 11:20:27 -08:00
shamoon ad45e3f747 Fix: respect fields parameter for created field (#11251) 2025-11-01 13:13:39 -07:00
shamoon a0d3527d20 Fixhancement: truncate large logs, improve auto-scroll (#11239) 2025-11-01 07:49:52 -07:00
shamoon b9aced07fb Chore: cache Github version check for 15 minutes (#11235) 2025-10-30 13:53:30 -07:00
shamoon b60fb8ed82 Fix: remove unnecessary permission requirements for new email endpoint (#11215) 2025-10-29 07:14:51 -07:00
shamoon d718d7d29f Fix: add root tag filtering for tag list page consistency, fix toggle all (#11208) 2025-10-28 11:04:22 -07:00
shamoon 48d21da13b Fix: support ConsumableDocument in email attachments (#11196) 2025-10-27 10:37:57 -07:00
shamoon 63dab0ab09 Change: restrict superuser modifications to superusers only 2025-10-24 16:25:59 -07:00
shamoon 13161ebb01 Fix: retrieve document_count for tag children (#11125) 2025-10-22 11:13:15 -07:00
shamoon fcae006afa Tweak: improve tag parent validation error handling (#11096) 2025-10-20 22:42:01 -07:00
Jan Kleine 340754d865 Enhancement: use friendly file names when emailing documents (#11055) 2025-10-15 17:10:25 +00:00
shamoon f6c004183e Feature: Advanced Workflow Trigger Filters (#11029) 2025-10-13 22:23:56 +00:00