Comments (6)
KN4CK3R
commented on June 18, 2024
1
I don't think there was a relevant change. But with name=Test you prevent a check of the filename extension. If you remove the name parameter, the upload filename test.jpg is used.
from gitea.
Android-X13
commented on June 18, 2024
I'm pretty sure I could use it in older versions with no problem... I don't remember which version though.
This is how the attachment looks now:
When using the name parameter, instead of the filename test.jpg it would show the name provided.
What is the point of the name parameter in the API docs if it's never used?
from gitea.
KN4CK3R
commented on June 18, 2024
It is used and overrides the upload filename. If you pass name=test2.jpg your upload is named test2.jpg.
from gitea.
kemzeb
commented on June 18, 2024
To add some clarification, the problem you are having is that when you pass name=Test we perform an extension check that honors what is provided in ALLOWED_TYPES in your app.ini's [attachment] section. If you don't explicitly define this key, we have a default that is used (see here for more details). Since Test doesn't have an extension that is known in this list, we will reject it.
You have a few options to solve this:
- Use an extension that is allowed in your attachment name e.g
Test.jpg - If you wish, you could allow all types by either giving the
ALLOWED_TYPESkey nothing or pass a*/*(this is mentioned in the docs given above)
However, if you want to allow a file with no extension, this does not look possible currently given the code that I see. We don't accept empty entries in ALLOWED_TYPES and we always expect at least a . prefix when you pass an extension (e.g. we would allow .webp but ignore webp during verification).
from gitea.
Android-X13
commented on June 18, 2024
@kemzeb thanks for the info.
My intention was not to add a file with no extension. As I've already said above I thought that the name parameter just names the attachment in the web interface. I recall that this was the case in a previous version, but if I'm terribly mistaken then I guess the issue can be closed?
from gitea.
kemzeb
commented on June 18, 2024
No problem.
After exploring the following commits:
- This introduced the issue attachment POST API (2 years ago)
- This introduced the function that the POST endpoint uses which performs the file extension check (3 years ago)
- This introduced file extension checks to that function (4 years ago)
To me it looks like we have been performing these checks on the name query param every since the APIs inception.
from gitea.
Related Issues (20)
- Slash in Docker package HOT 3
- The PRs link in release page will get network error HOT 5
- Reject push if refs contains LFS object unknown to server HOT 4
- Error - FindRecentlyPushedNewBranches, branch does not exist [repo_id: 64 name: main] HOT 26
- Incorrect API response for repositories without avatar HOT 1
- Support of Chocolatey in packages has flaws HOT 2
- v1.22 cannot start with read-only rootfs (regression) HOT 6
- Broken UI in notifications page
- branches sording order changed after update
- Commit section shows only one commit
- Markdown preview not found when Issue tracker and Pull requests are disabled HOT 1
- Telegram webhook error when commit message contains special characters
- git lfs mirror download request maybe shouldn't carry `Accept`
- Api get issue subscriptions HOT 5
- restore failed for docker,it show "Unable to load config file for a installed Gitea instance"
- Feature Request: Add logger.startup.MODE for Dedicated Startup Log Configuration
- More styling options for the Gitea Actions Status Badges HOT 1
- Commit list date column display error HOT 4
- Template errors after update HOT 3
- Sign in not possible behind reverse proxy with sub-path HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gitea.