summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
author6543 <6543@obermui.de>2023-04-10 22:14:16 +0200
committerGitHub <noreply@github.com>2023-04-10 16:14:16 -0400
commit2b91841cd3e1213ff3e4ed4209d6a4be89c2fa79 (patch)
treeb39b094253b82a8e0101597d2ef61390b493d455
parenteb397c3e631099686f8c11cbd0ca303fd37908ba (diff)
downloadgitea-2b91841cd3e1213ff3e4ed4209d6a4be89c2fa79.tar.gz
gitea-2b91841cd3e1213ff3e4ed4209d6a4be89c2fa79.zip
Reserve ".png" suffix for user/org names (#23992)
Org/User names ending with ".png" where not functional, so reserve them alternative / close #23908
-rw-r--r--models/user/user.go3
-rw-r--r--tests/integration/user_avatar_test.go11
2 files changed, 13 insertions, 1 deletions
diff --git a/models/user/user.go b/models/user/user.go
index 82c2d3b6cd..5709ed7ff2 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -537,7 +537,8 @@ var (
"gitea-actions",
}
- reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom"}
+ // DON'T ADD ANY NEW STUFF, WE SOLVE THIS WITH `/user/{obj}` PATHS!
+ reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom", "*.png"}
)
// IsUsableUsername returns an error when a username is reserved
diff --git a/tests/integration/user_avatar_test.go b/tests/integration/user_avatar_test.go
index 7aeba6a334..ec5813df0d 100644
--- a/tests/integration/user_avatar_test.go
+++ b/tests/integration/user_avatar_test.go
@@ -5,6 +5,7 @@ package integration
import (
"bytes"
+ "fmt"
"image/png"
"io"
"mime/multipart"
@@ -77,6 +78,16 @@ func TestUserAvatar(t *testing.T) {
req = NewRequest(t, "GET", user2.AvatarLinkWithSize(db.DefaultContext, 0))
_ = session.MakeRequest(t, req, http.StatusOK)
+ testGetAvatarRedirect(t, user2)
+
// Can't test if the response matches because the image is re-generated on upload but checking that this at least doesn't give a 404 should be enough.
})
}
+
+func testGetAvatarRedirect(t *testing.T, user *user_model.User) {
+ t.Run(fmt.Sprintf("getAvatarRedirect_%s", user.Name), func(t *testing.T) {
+ req := NewRequestf(t, "GET", "/%s.png", user.Name)
+ resp := MakeRequest(t, req, http.StatusSeeOther)
+ assert.EqualValues(t, fmt.Sprintf("/avatars/%s", user.Avatar), resp.Header().Get("location"))
+ })
+}