colin
/
sharded-gotify
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
sharded-gotify/test/assets
History
Jannis Mattheis 925fb7e2c9 Fix file upload XSS 
The application image file upload allowed authenticated users to upload
malious .html files. Opening such a file like

https://push.gotify.net/image/ViaxrjzNowdgL-xnEfVV-Ggv5.html

would allow the attacker to execute client side scripts.

The application image upload will now only allow the upload of files
with the following extensions: .gif, .png, .jpg and .jpeg.
 		2022-12-28 20:13:35 +01:00
..
image-header-with.html Fix file upload XSS 2022-12-28 20:13:35 +01:00
image.png Add UploadApplicationImage API 2018-03-31 18:44:49 +02:00
text.txt Add UploadApplicationImage API 2018-03-31 18:44:49 +02:00