mirror of https://github.com/go-gitea/gitea synced 2024-12-03 03:18:04 +01:00
gitea/services
Kemal Zebari 7adc4717ec
Include file extension checks in attachment API (#32151)
From testing, I found that issue posters and users with repository write
access are able to edit attachment names in a way that circumvents the
instance-level file extension restrictions using the edit attachment
APIs. This snapshot adds checks for these endpoints.
2024-11-06 21:34:32 +00:00
actions Update scheduled tasks even if changes are pushed by "ActionsUser" (#32246) 2024-10-13 20:28:32 +00:00
agit Make git push options accept short name (#32245) 2024-10-12 05:42:10 +00:00
asymkey Fix some pending problems (#29985) 2024-03-22 19:17:30 +08:00
attachment Include file extension checks in attachment API (#32151) 2024-11-06 21:34:32 +00:00
auth Update go dependencies (#32389) 2024-10-31 12:05:54 +00:00
automerge bump to go 1.23 (#31855) 2024-09-10 02:23:07 +00:00
context Include file extension checks in attachment API (#32151) 2024-11-06 21:34:32 +00:00
contexttest Check if reverse proxy is correctly configured (#30890) 2024-05-10 20:07:01 +08:00
convert Fix milestone deadline and date related problems (#32339) 2024-11-05 07:46:40 +00:00
cron Support repo license (#24872) 2024-10-01 15:25:08 -04:00
doctor Refactor the DB migration system slightly (#32344) 2024-10-27 19:54:35 +08:00
externalaccount allow synchronizing user status from OAuth2 login providers (#31572) 2024-07-16 20:33:16 +02:00
feed More db.DefaultContext refactor (#27265) 2023-09-29 12:12:54 +00:00
forms Make admins adhere to branch protection rules (#32248) 2024-10-23 12:39:43 +08:00
gitdiff Fix git error handling (#32401) 2024-11-02 11:20:22 +00:00
indexer Update issue indexer after merging a PR (#30715) 2024-05-08 14:45:15 +00:00
issue refactor: remove redundant err declarations (#32381) 2024-10-30 19:36:24 +00:00
lfs Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32365) 2024-10-31 15:28:25 +00:00
mailer Add missing comment reply handling (#32050) 2024-09-17 20:56:26 +00:00
markup Enable more revive linter rules (#30608) 2024-04-22 11:48:42 +00:00
migrations Support migrating GitHub/GitLab PR draft status (#32242) 2024-10-13 22:58:13 +03:00
mirror Fix git error handling (#32401) 2024-11-02 11:20:22 +00:00
notify Clean up log messages (#30313) 2024-04-07 19:17:06 +08:00
oauth2_provider Make oauth2 code clear. Move oauth2 provider code to their own packages/files (#32148) 2024-10-02 08:03:19 +08:00
org Update misspell to 0.5.1 and add misspellings.csv (#30573) 2024-04-27 08:03:49 +00:00
packages Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32365) 2024-10-31 15:28:25 +00:00
projects Add issue comment when moving issues from one column to another of the project (#29311) 2024-08-09 01:29:02 +00:00
pull Make admins adhere to branch protection rules (#32248) 2024-10-23 12:39:43 +08:00
release Handle invalid target when creating releases using API (#31841) 2024-09-12 07:47:31 +00:00
repository Fix git error handling (#32401) 2024-11-02 11:20:22 +00:00
secrets Refactor deletion (#28610) 2023-12-25 21:25:29 +01:00
task Fix "force private" logic (#31012) 2024-05-20 00:56:45 +00:00
uinotification Penultimate round of db.DefaultContext refactor (#27414) 2023-10-11 04:24:07 +00:00
user Add warn log when deleting inactive users (#32318) 2024-10-23 09:28:28 +08:00
webhook Support requested_reviewers data in comment webhook events (#26178) 2024-10-16 09:10:05 +00:00
webtheme Initial support for colorblindness-friendly themes (#30625) 2024-04-24 00:18:41 +08:00
wiki Use global lock instead of NewExclusivePool to allow distributed lock between multiple Gitea instances (#31813) 2024-09-06 10:12:41 +00:00