0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-11-21 21:41:10 +01:00
gitea/services/attachment
Kemal Zebari 7adc4717ec
Include file extension checks in attachment API (#32151)
From testing, I found that issue posters and users with repository write
access are able to edit attachment names in a way that circumvents the
instance-level file extension restrictions using the edit attachment
APIs. This snapshot adds checks for these endpoints.
2024-11-06 21:34:32 +00:00
..
attachment.go Include file extension checks in attachment API (#32151) 2024-11-06 21:34:32 +00:00
attachment_test.go