BookStack

starred/BookStack

Fork 0

mirror of https://github.com/BookStackApp/BookStack.git synced 2026-05-04 18:08:46 +03:00

Commit Graph

Author	SHA1	Message	Date
Dan Brown	c7e2b487c1	Attachments: Aligned ZipExportAttachment link validation With controller routes. Don't consider this as a security issue, since the filtered URLs by that validation are very likely to be blocked by browser security or CSP, and there's a level of assumed privilege to the users that are able to create such attachments links already. Closes #6093	2026-04-12 15:17:31 +01:00
Dan Brown	59cfc087e1	ZIP Imports: Added image type validation/handling Images were missing their extension after import since it was (potentially) not part of the import data. This adds validation via mime sniffing (to match normal image upload checks) and also uses the same logic to sniff out a correct extension. Added tests to cover. Also fixed some existing tests around zip functionality.	2024-11-18 17:42:49 +00:00

Author

SHA1

Message

Date

Dan Brown

c7e2b487c1

Attachments: Aligned ZipExportAttachment link validation

With controller routes.
Don't consider this as a security issue, since the filtered URLs
by that validation are very likely to be blocked by browser security
or CSP, and there's a level of assumed privilege to the users that
are able to create such attachments links already.

Closes #6093

2026-04-12 15:17:31 +01:00

Dan Brown

59cfc087e1

ZIP Imports: Added image type validation/handling

Images were missing their extension after import since it was
(potentially) not part of the import data.
This adds validation via mime sniffing (to match normal image upload
checks) and also uses the same logic to sniff out a correct extension.

Added tests to cover.
Also fixed some existing tests around zip functionality.

2024-11-18 17:42:49 +00:00

2 Commits