gitea/tests/integration/api_comment_attachment_test.go at 08a7e65c84d6612b73b3c930fdeaa31a43b685e0

mirror of https://github.com/go-gitea/gitea synced 2025-10-31 11:28:24 +00:00

Files

Kemal Zebari 7adc4717ec Include file extension checks in attachment API (#32151 )

From testing, I found that issue posters and users with repository write
access are able to edit attachment names in a way that circumvents the
instance-level file extension restrictions using the edit attachment
APIs. This snapshot adds checks for these endpoints.

2024-11-06 21:34:32 +00:00

9.1 KiB

Raw Blame History

View Raw

9.1 KiB Raw Blame History

9.1 KiB

Raw Blame History