tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-22 18:28:37 +00:00
Code Releases Activity

Include file extension checks in attachment API (#32151)

Browse Source 
From testing, I found that issue posters and users with repository write
access are able to edit attachment names in a way that circumvents the
instance-level file extension restrictions using the edit attachment
APIs. This snapshot adds checks for these endpoints.
This commit is contained in:
Kemal Zebari
2024-11-06 13:34:32 -08:00
committed by GitHub
parent f64fbd9b74
commit 7adc4717ec
9 changed files with 148 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
templates/swagger/v1_json.tmpl generated
View File

@@ -7706,6 +7706,9 @@
"404": {
"$ref": "#/responses/error"
},
"422": {
"$ref": "#/responses/validationError"
},
"423": {
"$ref": "#/responses/repoArchivedError"
}
@@ -8328,6 +8331,9 @@
"404": {
"$ref": "#/responses/error"
},
"422": {
"$ref": "#/responses/validationError"
},
"423": {
"$ref": "#/responses/repoArchivedError"
}
@@ -13474,6 +13480,9 @@
},
"404": {
"$ref": "#/responses/notFound"
},
"422": {
"$ref": "#/responses/validationError"
}
}
}