author | silverwind <me@silverwind.io> | 2020-10-05 07:49:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-10-05 01:49:33 -0400 |
commit | cda44750cbdc7a8460666a4f0ac7f652d84a3964 (patch) | |
tree | 207745d1b529a0cde5207111d23bfc07c1e0312c /web_src | |
parent | 67a5573310cf23726e3c2ef4651221c6dc150075 (diff) | |
Attachments: Add extension support, allow all types for releases (#12465)
* Attachments: Add extension support, allow all types for releases
- Add support for file extensions, matching the `accept` attribute of `<input type="file">`
- Add support for type wildcard mime types, e.g. `image/*`
- Create repository.release.ALLOWED_TYPES setting (default unrestricted)
- Change default for attachment.ALLOWED_TYPES to a list of extensions
- Split out POST /attachments into two endpoints for issue/pr and
releases to prevent circumvention of allowed types check
Fixes: https://github.com/go-gitea/gitea/pull/10172
Fixes: https://github.com/go-gitea/gitea/issues/7266
Fixes: https://github.com/go-gitea/gitea/pull/12460
Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers
* rename function
* extract GET routes out of RepoMustNotBeArchived
Co-authored-by: Lauris BH <lauris@nix.lv>
Diffstat (limited to 'web_src')
-rw-r--r-- | web_src/js/index.js | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/web_src/js/index.js b/web_src/js/index.js
index 415db385b3..e4f1575391 100644
--- a/web_src/js/index.js
+++ b/web_src/js/index.js
@@ -326,7 +326,7 @@ function uploadFile(file, callback) {
 }
 });
- xhr.open('post', `${AppSubUrl}/attachments`, true);
+ xhr.open('post', $('#dropzone').data('upload-url'), true);
 xhr.setRequestHeader('X-Csrf-Token', csrf);
 const formData = new FormData();
 formData.append('file', file, file.name);
@@ -902,7 +902,7 @@ async function initRepository() {
 headers: {'X-Csrf-Token': csrf},
 maxFiles: $dropzone.data('max-file'),
 maxFilesize: $dropzone.data('max-size'),
- acceptedFiles: ($dropzone.data('accepts') === '*/*') ? null : $dropzone.data('accepts'),
+ acceptedFiles: (['*/*', ''].includes($dropzone.data('accepts'))) ? null : $dropzone.data('accepts'),
 addRemoveLinks: true,
 dictDefaultMessage: $dropzone.data('default-message'),
 dictInvalidFileType: $dropzone.data('invalid-input-type'),
@@ -923,10 +923,10 @@ async function initRepository() {
 return;
 }
 $(`#${filenameDict[file.name].uuid}`).remove();
- if ($dropzone.data('remove-url') && $dropzone.data('csrf') && !filenameDict[file.name].submitted) {
+ if ($dropzone.data('remove-url') && !filenameDict[file.name].submitted) {
 $.post($dropzone.data('remove-url'), {
 file: filenameDict[file.name].uuid,
- _csrf: $dropzone.data('csrf')
+ _csrf: csrf,
 });
 }
 });
@@ -2323,7 +2323,7 @@ $(document).ready(async () => {
 headers: {'X-Csrf-Token': csrf},
 maxFiles: $dropzone.data('max-file'),
 maxFilesize: $dropzone.data('max-size'),
- acceptedFiles: ($dropzone.data('accepts') === '*/*') ? null : $dropzone.data('accepts'),
+ acceptedFiles: (['*/*', ''].includes($dropzone.data('accepts'))) ? null : $dropzone.data('accepts'),
 addRemoveLinks: true,
 dictDefaultMessage: $dropzone.data('default-message'),
 dictInvalidFileType: $dropzone.data('invalid-input-type'),
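Review bot: In the `@@ -326` hunk (uploadFile), the request target now comes from `$('#dropzone').data('upload-url')` with no check that the element or the attribute exists. If either is missing, `.data()` returns `undefined`, which `xhr.open` stringifies and resolves against the current page URL, so the file and the `X-Csrf-Token` header are posted to an unintended same-origin path and the upload fails without a clear error. Reading the value once and stopping when it is empty makes that failure explicit: `const uploadUrl = $('#dropzone').data('upload-url');` then `if (!uploadUrl) return;` before `xhr.open('post', uploadUrl, true);`. The function body starts and ends outside this hunk, so whether `callback` should be invoked on that path needs checking against the full function.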
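Review bot: The `acceptedFiles` expression in the `@@ -902` hunk (initRepository) reads `$dropzone.data('accepts')` twice, is repeated verbatim in the `@@ -2323` hunk, and does not cover a missing attribute, because `undefined` is not matched by `['*/*', ''].includes(...)`. Reading the value once handles all three cases and could live in a shared helper: `const accepts = $dropzone.data('accepts');` with `acceptedFiles: (!accepts || accepts === '*/*') ? null : accepts,`. A comment such as `// null = no client-side filter; the allowed-types check must be enforced by the upload endpoint` would also help, since this option only filters in the browser and the server-side check described in the commit message is not visible in this web_src-limited diff.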
@@ -2340,10 +2340,10 @@ $(document).ready(async () => {
 if (file.name in filenameDict) {
 $(`#${filenameDict[file.name]}`).remove();
 }
- if ($dropzone.data('remove-url') && $dropzone.data('csrf')) {
+ if ($dropzone.data('remove-url')) {
 $.post($dropzone.data('remove-url'), {
 file: filenameDict[file.name],
- _csrf: $dropzone.data('csrf')
+ _csrf: csrf
 });
 }
 }); |
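Review bot: In this hunk the `$.post` to `remove-url` sits outside the `if (file.name in filenameDict)` guard, so a file that never got an entry in `filenameDict` still triggers a remove request with `file: undefined`. Tightening the condition to `if ($dropzone.data('remove-url') && file.name in filenameDict) {` avoids the stray request. The `@@ -923` hunk appears to return early in the same situation and also checks `.submitted`, so the two handlers behave differently; both handlers start outside the visible hunks, so this is worth confirming against the full file. The new `_csrf: csrf` line also lacks the trailing comma used in the `@@ -923` hunk.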