Kemal Zebari 7adc4717ec Include file extension checks in attachment API (#32151) ...

From testing, I found that issue posters and users with repository write
access are able to edit attachment names in a way that circumvents the
instance-level file extension restrictions using the edit attachment
APIs. This snapshot adds checks for these endpoints.

2024-11-06 21:34:32 +00:00

1.5 KiB

Raw Blame History

View Raw