server

mirror of https://github.com/gotify/server.git synced 2026-05-07 22:06:38 +08:00

Files

Jannis Mattheis 925fb7e2c9 Fix file upload XSS

The application image file upload allowed authenticated users to upload
malious .html files. Opening such a file like

https://push.gotify.net/image/ViaxrjzNowdgL-xnEfVV-Ggv5.html

would allow the attacker to execute client side scripts.

The application image upload will now only allow the upload of files
with the following extensions: .gif, .png, .jpg and .jpeg.

2022-12-28 20:13:35 +01:00

stream

Update docs

2022-12-03 10:45:07 +01:00

application_test.go

Fix file upload XSS

2022-12-28 20:13:35 +01:00

application.go

Fix file upload XSS

2022-12-28 20:13:35 +01:00

client_test.go

Use v2 in package path

2020-05-08 10:43:17 +02:00

client.go

Update docs

2022-12-03 10:45:07 +01:00

errorHandling_test.go

Return 500 server error on database failures (#191 )

2019-05-25 08:37:24 +02:00

errorHandling.go

Return 500 server error on database failures (#191 )

2019-05-25 08:37:24 +02:00

health_test.go

Use v2 in package path

2020-05-08 10:43:17 +02:00

health.go

Use v2 in package path

2020-05-08 10:43:17 +02:00

internalutil.go

Allow delete for > uint32 ids

2020-07-01 19:44:06 +02:00

message_test.go

Use golangci-lint

2020-11-01 10:47:02 +01:00

message.go

Update docs

2022-12-03 10:45:07 +01:00

plugin_test.go

Use golangci-lint

2020-11-01 10:47:02 +01:00

plugin.go

Update docs

2022-12-03 10:45:07 +01:00

tokens_test.go

Use crypto/rand for token generation (#161 )

2019-03-16 11:10:28 +01:00

tokens.go

Use v2 in package path

2020-05-08 10:43:17 +02:00

user_test.go

Add registration

2021-08-04 19:39:43 +02:00

user.go

Update docs

2022-12-03 10:45:07 +01:00