tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-07 11:07:20 +00:00
Code Releases Activity

Fix upload file type check (#7890)

Browse Source 
* fix upload file type check

* make the function simple and added tests

* Update comment as per @silverwind
This commit is contained in:
Lunny Xiao
2019-08-17 18:10:17 +08:00
committed by Lauris BH
parent a678ea44b8
commit 2d0b90c967
2 changed files with 54 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
modules/upload/filetype.go
View File

@ -31,19 +31,16 @@ func (err ErrFileTypeForbidden) Error() string {
func VerifyAllowedContentType(buf []byte, allowedTypes []string) error {
fileType := http.DetectContentType(buf)
allowed := false
for _, t := range allowedTypes {
t := strings.Trim(t, " ")
if t == "*/*" || t == fileType {
allowed = true
break
if t == "*/*" || t == fileType ||
// Allow directives after type, like 'text/plain; charset=utf-8'
strings.HasPrefix(fileType, t+";") {
return nil
}
}
if !allowed {
log.Info("Attachment with type %s blocked from upload", fileType)
return ErrFileTypeForbidden{Type: fileType}
}
return nil
log.Info("Attachment with type %s blocked from upload", fileType)
return ErrFileTypeForbidden{Type: fileType}
}