]> source.dussan.org Git - gitea.git/commit
projects / gitea.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f64fbd9) | patch
Include file extension checks in attachment API (#32151)
authorKemal Zebari <60799661+kemzeb@users.noreply.github.com>
Wed, 6 Nov 2024 21:34:32 +0000 (13:34 -0800)
committerGitHub <noreply@github.com>
Wed, 6 Nov 2024 21:34:32 +0000 (21:34 +0000)
commit7adc4717ec8e4f8fe678010866e936cf024f498d
tree5b16713339512a7d1ed75b8ee9747ed08975c590tree | snapshot
parentf64fbd9b74998f3ac8353d2a8344e2e6f0ce1936commit | diff
Include file extension checks in attachment API (#32151)

From testing, I found that issue posters and users with repository write
access are able to edit attachment names in a way that circumvents the
instance-level file extension restrictions using the edit attachment
APIs. This snapshot adds checks for these endpoints.
routers/api/v1/repo/issue_attachment.go diff | blob | history
routers/api/v1/repo/issue_comment_attachment.go diff | blob | history
routers/api/v1/repo/release_attachment.go diff | blob | history
services/attachment/attachment.go diff | blob | history
services/context/upload/upload.go diff | blob | history
templates/swagger/v1_json.tmpl diff | blob | history
tests/integration/api_comment_attachment_test.go diff | blob | history
tests/integration/api_issue_attachment_test.go diff | blob | history
tests/integration/api_releases_attachment_test.go [new file with mode: 0644] blob
Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea