Include file extension checks in attachment API (#32151) - gitea.git - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

diff options

author	Kemal Zebari <60799661+kemzeb@users.noreply.github.com>	2024-11-06 13:34:32 -0800
committer	GitHub <noreply@github.com>	2024-11-06 21:34:32 +0000
commit	7adc4717ec8e4f8fe678010866e936cf024f498d (patch)
tree	5b16713339512a7d1ed75b8ee9747ed08975c590 /routers/init.go
parent	f64fbd9b74998f3ac8353d2a8344e2e6f0ce1936 (diff)
download	gitea-7adc4717ec8e4f8fe678010866e936cf024f498d.tar.gz gitea-7adc4717ec8e4f8fe678010866e936cf024f498d.zip

Include file extension checks in attachment API (#32151)

From testing, I found that issue posters and users with repository write access are able to edit attachment names in a way that circumvents the instance-level file extension restrictions using the edit attachment APIs. This snapshot adds checks for these endpoints.

Diffstat (limited to 'routers/init.go')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: