mirror of
https://github.com/go-gitea/gitea.git
synced 2024-12-22 14:26:02 +01:00
7adc4717ec
From testing, I found that issue posters and users with repository write access are able to edit attachment names in a way that circumvents the instance-level file extension restrictions using the edit attachment APIs. This snapshot adds checks for these endpoints.

- upload/
- access_log.go
- api_org.go
- api_test.go
- api.go
- base_test.go
- base.go
- captcha.go
- context_cookie.go
- context_model.go
- context_request.go
- context_response.go
- context_template.go
- context_test.go
- context.go
- csrf.go
- org.go
- package.go
- pagination.go
- permission.go
- private.go
- repo.go
- response.go
- user.go
- utils.go
- xsrf_test.go
- xsrf.go