forgejo/modules
silverwind cda44750cb
Attachments: Add extension support, allow all types for releases ()
* Attachments: Add extension support, allow all types for releases

- Add support for file extensions, matching the `accept` attribute of `<input type="file">`
- Add support for type wildcard mime types, e.g. `image/*`
- Create repository.release.ALLOWED_TYPES setting (default unrestricted)
- Change default for attachment.ALLOWED_TYPES to a list of extensions
- Split out POST /attachments into two endpoints for issue/pr and
  releases to prevent circumvention of allowed types check

Fixes: https://github.com/go-gitea/gitea/pull/10172
Fixes: https://github.com/go-gitea/gitea/issues/7266
Fixes: https://github.com/go-gitea/gitea/pull/12460
Ref: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/file#Unique_file_type_specifiers

* rename function

* extract GET routes out of RepoMustNotBeArchived

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-05 01:49:33 -04:00
..
analyze Exclude generated files from language statistics () 2020-05-29 09:20:01 +03:00
auth hCaptcha Support () 2020-10-02 23:37:53 -04:00
avatar Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) () 2020-09-06 20:53:33 +01:00
base Use a simple format for the big number on ui () 2020-09-16 00:07:18 -04:00
cache Allow common redis and leveldb connections () 2020-09-28 00:09:46 +03:00
charset Ensure that the detected charset order is set in chardet test () 2020-08-23 14:15:29 +01:00
context Return sample message for login error in api context () 2020-10-04 17:39:31 -04:00
convert [] Add Timestamp to Tag list API () 2020-10-05 12:07:54 +08:00
cron Mirror System Notice reports are too frequent () 2020-08-05 21:40:36 +01:00
emoji Fix emoji detection in certain cases () 2020-07-25 16:40:04 +03:00
eventsource Move EventSource to SharedWorker () 2020-07-03 10:55:36 +01:00
generate Add gitea-vet () 2020-04-05 07:20:50 +01:00
git Fix 500 on README in submodule () 2020-10-02 09:27:44 -04:00
gitgraph Render the git graph on the server () 2020-08-06 09:04:08 +01:00
graceful Set TLS minimum version to 1.2 () 2020-09-02 23:37:49 +01:00
hcaptcha hCaptcha Support () 2020-10-02 23:37:53 -04:00
highlight Escape failed highlighted code () 2020-09-02 16:19:42 -04:00
httplib Add golangci () 2019-06-12 15:41:28 -04:00
indexer fix: use Base36 for all code indexers () 2020-09-14 13:40:07 +03:00
lfs LFS support to be stored on minio () 2020-09-08 23:45:10 +08:00
log Re-attempt to delete temporary upload if the file is locked by another process () 2020-08-11 21:05:34 +01:00
markup fix: media links in org files not liked to media files () 2020-10-01 11:22:34 -04:00
metrics Prometheus endpoint () 2018-11-04 22:20:00 -05:00
migrations Hopefully support GH enterprise () 2020-09-21 10:36:51 -04:00
nosql Allow common redis and leveldb connections () 2020-09-28 00:09:46 +03:00
notification Fix repository create/delete event webhooks () 2020-10-02 10:37:46 +01:00
options Rename scripts to build and add revive command as a new build tool command () 2020-04-03 22:29:12 +03:00
password Check passwords against HaveIBeenPwned () 2020-09-08 17:06:39 -05:00
pprof Add golangci () 2019-06-12 15:41:28 -04:00
private Rename models.ProtectedBranchRepoID to models.EnvRepoID and ensure EnvPusherEmail is set () 2020-08-30 08:24:39 +01:00
process Only write to global gitconfig if necessary () 2020-06-13 17:47:31 -04:00
public fix go1.15 lint error in modules/public/public.go () 2020-09-04 16:15:54 +03:00
queue Fix the issue reported on () 2020-09-28 19:00:54 -04:00
recaptcha hCaptcha Support () 2020-10-02 23:37:53 -04:00
references Add spent time to referenced issue in commit message () 2020-09-04 11:37:37 -04:00
repofiles Add configurable Trust Models () 2020-09-20 00:44:55 +08:00
repository Completely quote AppPath and CustomConf paths () 2020-09-28 21:16:52 -04:00
secret Attachments: Add extension support, allow all types for releases () 2020-10-05 01:49:33 -04:00
session Allow common redis and leveldb connections () 2020-09-28 00:09:46 +03:00
setting Attachments: Add extension support, allow all types for releases () 2020-10-05 01:49:33 -04:00
ssh log.Fatal on failure to listen to SSH port () 2020-03-23 07:59:38 +00:00
storage Add default storage configurations () 2020-09-29 12:05:13 +03:00
structs [] Add Timestamp to Tag list API () 2020-10-05 12:07:54 +08:00
svg Fix filepath basename on Windows for SVG bindata () 2020-07-13 21:16:40 +01:00
sync Fix missing unlock in uniquequeue () 2020-01-15 23:58:33 +02:00
task [API] Migration: Change ServiceType String () 2020-09-10 23:29:19 +01:00
templates Use a simple format for the big number on ui () 2020-09-16 00:07:18 -04:00
test Macaron 1.5 () 2020-08-27 22:47:17 -04:00
timeutil Fix timezone on issue deadline () 2020-06-05 18:51:10 -04:00
upload Attachments: Add extension support, allow all types for releases () 2020-10-05 01:49:33 -04:00
user Add gitea-vet () 2020-04-05 07:20:50 +01:00
util Completely quote AppPath and CustomConf paths () 2020-09-28 21:16:52 -04:00
validation [API] Get a single commit via Ref () 2020-04-07 22:54:46 -04:00
webhook Refactor webhook payload convertion () 2020-09-04 22:57:13 -04:00