diff options
| author | silverwind <me@silverwind.io> | 2020-10-05 07:49:33 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-10-05 01:49:33 -0400 |
| commit | cda44750cbdc7a8460666a4f0ac7f652d84a3964 (patch) | |
| tree | 207745d1b529a0cde5207111d23bfc07c1e0312c /custom/conf | |
| parent | 67a5573310cf23726e3c2ef4651221c6dc150075 (diff) | |
| download | gitea-cda44750cbdc7a8460666a4f0ac7f652d84a3964.tar.gz gitea-cda44750cbdc7a8460666a4f0ac7f652d84a3964.zip | |
Attachments: Add extension support, allow all types for releases (#12465)
* Attachments: Add extension support, allow all types for releases
- Add support for file extensions, matching the `accept` attribute of `<input type="file">`
- Add support for type wildcard mime types, e.g. `image/*`
- Create repository.release.ALLOWED_TYPES setting (default unrestricted)
- Change default for attachment.ALLOWED_TYPES to a list of extensions
- Split out POST /attachments into two endpoints for issue/pr and
releases to prevent circumvention of allowed types check
Fixes: https://github.com/go-gitea/gitea/pull/10172
Fixes: https://github.com/go-gitea/gitea/issues/7266
Fixes: https://github.com/go-gitea/gitea/pull/12460
Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers
* rename function
* extract GET routes out of RepoMustNotBeArchived
Co-authored-by: Lauris BH <lauris@nix.lv>
Diffstat (limited to 'custom/conf')
| -rw-r--r-- | custom/conf/app.example.ini | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini index 1fc2c9ef0f..44c448a4e3 100644 --- a/custom/conf/app.example.ini +++ b/custom/conf/app.example.ini @@ -88,7 +88,7 @@ LOCAL_COPY_PATH = tmp/local-repo ENABLED = true ; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart) TEMP_PATH = data/tmp/uploads -; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type +; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types. ALLOWED_TYPES = ; Max size of each file in megabytes. Defaults to 3MB FILE_MAX_SIZE = 3 @@ -117,6 +117,10 @@ DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY=true ; List of reasons why a Pull Request or Issue can be locked LOCK_REASONS=Too heated,Off-topic,Resolved,Spam +[repository.release] +; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types. +ALLOWED_TYPES = + [repository.signing] ; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey ; run in the context of the RUN_USER @@ -766,11 +770,10 @@ DISABLE_GRAVATAR = false ENABLE_FEDERATED_AVATAR = false [attachment] -; Whether attachments are enabled. Defaults to `true` +; Whether issue and pull request attachments are enabled. Defaults to `true` ENABLED = true - -; One or more allowed types, e.g. "image/jpeg|image/png". Use "*/*" for all types. -ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip +; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types. +ALLOWED_TYPES = .docx,.gif,.gz,.jpeg,.jpg,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip ; Max size of each file. Defaults to 4MB MAX_SIZE = 4 ; Max number of files per upload. Defaults to 5 |