summaryrefslogtreecommitdiffstats
path: root/modules/upload
diff options
context:
space:
mode:
authorGabriel Vasile <gabriel.vasile@email.com>2021-11-27 13:12:43 +0200
committerGitHub <noreply@github.com>2021-11-27 19:12:43 +0800
commit2e8fc5b034d7a2ceb22f264193a157230b48365a (patch)
tree7d7512cc7390ed105ee701d0f95106c8534941d8 /modules/upload
parent789d251ae4223fb3fe6c42333cb6731d8ebde05e (diff)
downloadgitea-2e8fc5b034d7a2ceb22f264193a157230b48365a.tar.gz
gitea-2e8fc5b034d7a2ceb22f264193a157230b48365a.zip
Replace regex usage for MIME parsing (#17831)
MIME types can have multiple optional parameters, eg: video/webm; codecs="w/e codec"; charset="binary" This commit replaces the usage of regex for getting the "type/subtype" with mime.ParseMediaType.
Diffstat (limited to 'modules/upload')
-rw-r--r--modules/upload/upload.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/modules/upload/upload.go b/modules/upload/upload.go
index 097facb4d5..9d20f1082f 100644
--- a/modules/upload/upload.go
+++ b/modules/upload/upload.go
@@ -5,6 +5,7 @@
package upload
import (
+ "mime"
"net/http"
"net/url"
"path"
@@ -31,7 +32,6 @@ func (err ErrFileTypeForbidden) Error() string {
return "This file extension or type is not allowed to be uploaded."
}
-var mimeTypeSuffixRe = regexp.MustCompile(`;.*$`)
var wildcardTypeRe = regexp.MustCompile(`^[a-z]+/\*$`)
// Verify validates whether a file is allowed to be uploaded.
@@ -51,7 +51,11 @@ func Verify(buf []byte, fileName string, allowedTypesStr string) error {
}
fullMimeType := http.DetectContentType(buf)
- mimeType := strings.TrimSpace(mimeTypeSuffixRe.ReplaceAllString(fullMimeType, ""))
+ mimeType, _, err := mime.ParseMediaType(fullMimeType)
+ if err != nil {
+ log.Warn("Detected attachment type could not be parsed %s", fullMimeType)
+ return ErrFileTypeForbidden{Type: fullMimeType}
+ }
extension := strings.ToLower(path.Ext(fileName))
// https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers