mirror of
https://github.com/gotify/server.git
synced 2026-05-08 14:26:56 +08:00
The application image file upload allowed authenticated users to upload malicious .html files. Opening such a file like https://push.gotify.net/image/ViaxrjzNowdgL-xnEfVV-Ggv5.html would allow the attacker to execute client-side scripts. The application image upload will now only allow the upload of files with the following extensions: .gif, .png, .jpg and .jpeg.
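The extension allowlist described in the commit message, sketched as an added example (not the project's own code). The names `ValidImageExt`, `StoredName` and `ErrExtNotAllowed` are hypothetical, and the sample file names and id are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Extensions named in the commit message; everything else is rejected.
var allowedImageExt = map[string]bool{
	".gif": true, ".png": true, ".jpg": true, ".jpeg": true,
}

// ErrExtNotAllowed is a hypothetical sentinel error for rejected uploads.
var ErrExtNotAllowed = errors.New("file extension not allowed")

// ValidImageExt returns the lower-cased final extension of the client-supplied
// file name if it is on the allowlist. Only the last extension counts, so
// "icon.png.html" is judged as ".html" and rejected.
func ValidImageExt(uploadName string) (string, error) {
	ext := strings.ToLower(filepath.Ext(uploadName))
	if !allowedImageExt[ext] {
		return "", fmt.Errorf("%w: %q", ErrExtNotAllowed, ext)
	}
	return ext, nil
}

// StoredName combines a server-generated id with the validated extension, so
// nothing else from the client-supplied name reaches the served path.
func StoredName(id, uploadName string) (string, error) {
	ext, err := ValidImageExt(uploadName)
	if err != nil {
		return "", err
	}
	return id + ext, nil
}

func main() {
	// Constructed sample names covering accepted and rejected cases.
	names := []string{"icon.PNG", "photo.jpeg", "page.html", "icon.png.html", "noext", "x.svg"}
	for _, name := range names {
		stored, err := StoredName("constructed-id", name)
		fmt.Printf("%-14s -> %q err=%v\n", name, stored, err)
	}
}
```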