colin
/
sharded-gotify
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
sharded-gotify/test
History
Jannis Mattheis 925fb7e2c9 Fix file upload XSS 
The application image file upload allowed authenticated users to upload
malious .html files. Opening such a file like

https://push.gotify.net/image/ViaxrjzNowdgL-xnEfVV-Ggv5.html

would allow the attacker to execute client side scripts.

The application image upload will now only allow the upload of files
with the following extensions: .gif, .png, .jpg and .jpeg.
 		2022-12-28 20:13:35 +01:00
..
assets Fix file upload XSS 2022-12-28 20:13:35 +01:00
testdb Add registration 2021-08-04 19:39:43 +02:00
asserts.go Fix typos 2019-06-27 19:04:48 +02:00
asserts_test.go Use v2 in package path 2020-05-08 10:43:17 +02:00
auth.go Use v2 in package path 2020-05-08 10:43:17 +02:00
auth_test.go Use v2 in package path 2020-05-08 10:43:17 +02:00
filepath.go Use golangci-lint 2020-11-01 10:47:02 +01:00
filepath_test.go Update linter 2022-05-29 19:45:45 +02:00
tmpdir.go Use golangci-lint 2020-11-01 10:47:02 +01:00
tmpdir_test.go Add plugin feature 2019-02-09 12:52:01 +01:00
token.go Use crypto/rand for token generation (#161) 2019-03-16 11:10:28 +01:00
token_test.go Use crypto/rand for token generation (#161) 2019-03-16 11:10:28 +01:00