mirror of
https://github.com/go-gitea/gitea
synced 2025-07-23 02:38:35 +00:00
Attachments: Add extension support, allow all types for releases (#12465)
* Attachments: Add extension support, allow all types for releases - Add support for file extensions, matching the `accept` attribute of `<input type="file">` - Add support for type wildcard mime types, e.g. `image/*` - Create repository.release.ALLOWED_TYPES setting (default unrestricted) - Change default for attachment.ALLOWED_TYPES to a list of extensions - Split out POST /attachments into two endpoints for issue/pr and releases to prevent circumvention of allowed types check Fixes: https://github.com/go-gitea/gitea/pull/10172 Fixes: https://github.com/go-gitea/gitea/issues/7266 Fixes: https://github.com/go-gitea/gitea/pull/12460 Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers * rename function * extract GET routes out of RepoMustNotBeArchived Co-authored-by: Lauris BH <lauris@nix.lv>
This commit is contained in:
@@ -7,7 +7,6 @@ package repo
|
||||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"code.gitea.io/gitea/models"
|
||||
"code.gitea.io/gitea/modules/context"
|
||||
@@ -17,16 +16,18 @@ import (
|
||||
"code.gitea.io/gitea/modules/upload"
|
||||
)
|
||||
|
||||
func renderAttachmentSettings(ctx *context.Context) {
|
||||
ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
|
||||
ctx.Data["AttachmentStoreType"] = setting.Attachment.Storage.Type
|
||||
ctx.Data["AttachmentAllowedTypes"] = setting.Attachment.AllowedTypes
|
||||
ctx.Data["AttachmentMaxSize"] = setting.Attachment.MaxSize
|
||||
ctx.Data["AttachmentMaxFiles"] = setting.Attachment.MaxFiles
|
||||
// UploadIssueAttachment response for Issue/PR attachments
|
||||
func UploadIssueAttachment(ctx *context.Context) {
|
||||
uploadAttachment(ctx, setting.Attachment.AllowedTypes)
|
||||
}
|
||||
|
||||
// UploadAttachment response for uploading issue's attachment
|
||||
func UploadAttachment(ctx *context.Context) {
|
||||
// UploadReleaseAttachment response for uploading release attachments
|
||||
func UploadReleaseAttachment(ctx *context.Context) {
|
||||
uploadAttachment(ctx, setting.Repository.Release.AllowedTypes)
|
||||
}
|
||||
|
||||
// UploadAttachment response for uploading attachments
|
||||
func uploadAttachment(ctx *context.Context, allowedTypes string) {
|
||||
if !setting.Attachment.Enabled {
|
||||
ctx.Error(404, "attachment is not enabled")
|
||||
return
|
||||
@@ -45,7 +46,7 @@ func UploadAttachment(ctx *context.Context) {
|
||||
buf = buf[:n]
|
||||
}
|
||||
|
||||
err = upload.VerifyAllowedContentType(buf, strings.Split(setting.Attachment.AllowedTypes, ","))
|
||||
err = upload.Verify(buf, header.Filename, allowedTypes)
|
||||
if err != nil {
|
||||
ctx.Error(400, err.Error())
|
||||
return
|
||||
|
Reference in New Issue
Block a user