Attachments: Add extension support, allow all types for releases (#12465)

* Attachments: Add extension support, allow all types for releases - Add support for file extensions, matching the `accept` attribute of `<input type="file">` - Add support for type wildcard mime types, e.g. `image/*` - Create repository.release.ALLOWED_TYPES setting (default unrestricted) - Change default for attachment.ALLOWED_TYPES to a list of extensions - Split out POST /attachments into two endpoints for issue/pr and releases to prevent circumvention of allowed types check Fixes: https://github.com/go-gitea/gitea/pull/10172 Fixes: https://github.com/go-gitea/gitea/issues/7266 Fixes: https://github.com/go-gitea/gitea/pull/12460 Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers * rename function * extract GET routes out of RepoMustNotBeArchived Co-authored-by: Lauris BH <lauris@nix.lv>
2025-07-22 18:28:37 +00:00 · 2020-10-05 07:49:33 +02:00
parent 67a5573310
commit cda44750cb
26 changed files with 497 additions and 226 deletions
--- a/templates/repo/editor/upload.tmpl
+++ b/templates/repo/editor/upload.tmpl
@@ -27,7 +27,7 @@
 			</div>
 			<div class="field">
 				<div class="files"></div>
-				<div class="ui dropzone" id="dropzone" data-upload-url="{{.RepoLink}}/upload-file" data-remove-url="{{.RepoLink}}/upload-remove" data-csrf="{{.CsrfToken}}" data-accepts="{{.UploadAllowedTypes}}" data-max-file="{{.UploadMaxFiles}}" data-max-size="{{.UploadMaxSize}}" data-default-message="{{.i18n.Tr "dropzone.default_message"}}" data-invalid-input-type="{{.i18n.Tr "dropzone.invalid_input_type"}}" data-file-too-big="{{.i18n.Tr "dropzone.file_too_big"}}" data-remove-file="{{.i18n.Tr "dropzone.remove_file"}}"></div>
+				{{template "repo/upload" .}}
 			</div>
 			{{template "repo/editor/commit_form" .}}
 		</form>
--- a/templates/repo/issue/comment_tab.tmpl
+++ b/templates/repo/issue/comment_tab.tmpl
@@ -12,8 +12,8 @@
 	</div>
 </div>
 {{if .IsAttachmentEnabled}}
-<div class="field">
-	<div class="files"></div>
-	<div class="ui dropzone" id="dropzone" data-upload-url="{{AppSubUrl}}/attachments" data-accepts="{{.AttachmentAllowedTypes}}" data-max-file="{{.AttachmentMaxFiles}}" data-max-size="{{.AttachmentMaxSize}}" data-default-message="{{.i18n.Tr "dropzone.default_message"}}" data-invalid-input-type="{{.i18n.Tr "dropzone.invalid_input_type"}}" data-file-too-big="{{.i18n.Tr "dropzone.file_too_big"}}" data-remove-file="{{.i18n.Tr "dropzone.remove_file"}}"></div>
-</div>
+	<div class="field">
+		<div class="files"></div>
+		{{template "repo/upload" .}}
+	</div>
 {{end}}
--- a/templates/repo/issue/view_content.tmpl
+++ b/templates/repo/issue/view_content.tmpl
@@ -197,19 +197,10 @@
 			</div>
 		</div>
 		{{if .IsAttachmentEnabled}}
-		<div class="field">
-			<div class="comment-files"></div>
-			<div class="ui dropzone" id="comment-dropzone"
-				data-upload-url="{{AppSubUrl}}/attachments"
-				data-remove-url="{{AppSubUrl}}/attachments/delete"
-				data-csrf="{{.CsrfToken}}" data-accepts="{{.AttachmentAllowedTypes}}"
-				data-max-file="{{.AttachmentMaxFiles}}" data-max-size="{{.AttachmentMaxSize}}"
-				data-default-message="{{.i18n.Tr "dropzone.default_message"}}"
-				data-invalid-input-type="{{.i18n.Tr "dropzone.invalid_input_type"}}"
-				data-file-too-big="{{.i18n.Tr "dropzone.file_too_big"}}"
-				data-remove-file="{{.i18n.Tr "dropzone.remove_file"}}">
+			<div class="field">
+				<div class="comment-files"></div>
+				{{template "repo/upload" .}}
 			</div>
-		</div>
 		{{end}}
 		<div class="field footer">
 			<div class="text right edit">
--- a/templates/repo/release/new.tmpl
+++ b/templates/repo/release/new.tmpl
@@ -49,10 +49,10 @@
 					<textarea name="content">{{.content}}</textarea>
 				</div>
 				{{if .IsAttachmentEnabled}}
-				<div class="field">
-					<div class="files"></div>
-					<div class="ui dropzone" id="dropzone" data-upload-url="{{AppSubUrl}}/attachments" data-accepts="{{.AttachmentAllowedTypes}}" data-max-file="{{.AttachmentMaxFiles}}" data-max-size="{{.AttachmentMaxSize}}" data-default-message="{{.i18n.Tr "dropzone.default_message"}}" data-invalid-input-type="{{.i18n.Tr "dropzone.invalid_input_type"}}" data-file-too-big="{{.i18n.Tr "dropzone.file_too_big"}}" data-remove-file="{{.i18n.Tr "dropzone.remove_file"}}"></div>
-				</div>
+					<div class="field">
+						<div class="files"></div>
+						{{template "repo/upload" .}}
+					</div>
 				{{end}}
 			</div>
 			<div class="ui container">
--- a/templates/repo/upload.tmpl
+++ b/templates/repo/upload.tmpl
@@ -0,0 +1,13 @@
+<div
+	class="ui dropzone"
+	id="dropzone"
+	data-upload-url="{{.UploadUrl}}"
+	data-remove-url="{{.UploadRemoveUrl}}"
+	data-accepts="{{.UploadAccepts}}"
+	data-max-file="{{.UploadMaxFiles}}"
+	data-max-size="{{.UploadMaxSize}}"
+	data-default-message="{{.i18n.Tr "dropzone.default_message"}}"
+	data-invalid-input-type="{{.i18n.Tr "dropzone.invalid_input_type"}}"
+	data-file-too-big="{{.i18n.Tr "dropzone.file_too_big"}}"
+	data-remove-file="{{.i18n.Tr "dropzone.remove_file"}}"
+></div>