mirror of
https://github.com/go-gitea/gitea.git
synced 2024-12-14 03:14:04 +01:00
7adc4717ec
From testing, I found that issue posters and users with repository write access are able to edit attachment names in a way that circumvents the instance-level file extension restrictions using the edit attachment APIs. This snapshot adds checks for these endpoints. |
||
---|---|---|
.. | ||
admin | ||
api/packages/pypi | ||
base | ||
custom | ||
devtest | ||
explore | ||
org | ||
package | ||
projects | ||
repo | ||
shared | ||
status | ||
swagger | ||
user | ||
webhook | ||
home.tmpl | ||
install.tmpl | ||
post-install.tmpl |