Nemcio/GitBucket
1
0
Fork 0
mirror of https://github.com/gitbucket/gitbucket.git synced 2025-11-09 06:55:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

test/html is cause of xss

Browse Source
This commit is contained in:
nazoking
2015-01-30 15:32:53 +09:00
parent da55bf6af3
commit 9ba564c864
5 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/scala/app/IssuesController.scala
View File

@@ -292,8 +292,7 @@ trait IssuesControllerBase extends ControllerBase {
(Directory.getAttachedDir(repository.owner, repository.name) match {
case dir if(dir.exists && dir.isDirectory) =>
dir.listFiles.find(_.getName.startsWith(params("file") + ".")).map { file =>
contentType = FileUtil.getMimeType(file.getName)
file
outputUploadedRawData(FileUtil.getMimeType(file.getName), file)
}
case _ => None
}) getOrElse NotFound