sharded-gotify/api
Jannis Mattheis 925fb7e2c9 Fix file upload XSS
The application image file upload allowed authenticated users to upload
malicious .html files. Opening such a file like

https://push.gotify.net/image/ViaxrjzNowdgL-xnEfVV-Ggv5.html

would allow the attacker to execute client side scripts.

The application image upload will now only allow the upload of files
with the following extensions: .gif, .png, .jpg and .jpeg.
2022-12-28 20:13:35 +01:00
stream Update docs 2022-12-03 10:45:07 +01:00
application.go Fix file upload XSS 2022-12-28 20:13:35 +01:00
application_test.go Fix file upload XSS 2022-12-28 20:13:35 +01:00
client.go Update docs 2022-12-03 10:45:07 +01:00
client_test.go Use v2 in package path 2020-05-08 10:43:17 +02:00
errorHandling.go Return 500 server error on database failures (#191) 2019-05-25 08:37:24 +02:00
errorHandling_test.go Return 500 server error on database failures (#191) 2019-05-25 08:37:24 +02:00
health.go Use v2 in package path 2020-05-08 10:43:17 +02:00
health_test.go Use v2 in package path 2020-05-08 10:43:17 +02:00
internalutil.go Allow delete for > uint32 ids 2020-07-01 19:44:06 +02:00
message.go Update docs 2022-12-03 10:45:07 +01:00
message_test.go Use golangci-lint 2020-11-01 10:47:02 +01:00
plugin.go Update docs 2022-12-03 10:45:07 +01:00
plugin_test.go Use golangci-lint 2020-11-01 10:47:02 +01:00
tokens.go Use v2 in package path 2020-05-08 10:43:17 +02:00
tokens_test.go Use crypto/rand for token generation (#161) 2019-03-16 11:10:28 +01:00
user.go Update docs 2022-12-03 10:45:07 +01:00
user_test.go Add registration 2021-08-04 19:39:43 +02:00