Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Catch and handle unallowed file type errors in issue attachment API #30791

Merged
merged 2 commits into from
May 2, 2024
Merged

Catch and handle unallowed file type errors in issue attachment API #30791

merged 2 commits into from
May 2, 2024

Conversation

kemzeb
Copy link
Contributor

@kemzeb kemzeb commented Apr 30, 2024

Before, we would just throw 500 if a user passes an attachment that is not an allowed type. This commit catches this error and throws a 422 instead since this should be considered a validation error.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Apr 30, 2024
@pull-request-size pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Apr 30, 2024
@github-actions github-actions bot added modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code labels Apr 30, 2024
@kemzeb
Catch and handle unallowed file type errors in issue attachment API
a685d7b 
Before, we would just throw 500 if a user passes an attachment that
is not an allowed type (whether this means its sniffed MIME type or
its file extension). This commit catches this error and throws a 422
instead since this is a validation error.
@kemzeb kemzeb force-pushed the fix-api-attachment branch from 53e65fa to a685d7b Compare April 30, 2024 20:27
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels May 1, 2024
@lunny lunny added this to the 1.23.0 milestone May 1, 2024
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 2, 2024
@wxiaoguang wxiaoguang added type/bug backport/v1.22 This PR should be backported to Gitea 1.22 labels May 2, 2024
@wxiaoguang wxiaoguang enabled auto-merge (squash) May 2, 2024 16:07
@wxiaoguang wxiaoguang added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label May 2, 2024
@wxiaoguang wxiaoguang merged commit 872caa1 into go-gitea:main May 2, 2024
26 checks passed
GiteaBot pushed a commit to GiteaBot/gitea that referenced this pull request May 2, 2024
@kemzeb @GiteaBot
Catch and handle unallowed file type errors in issue attachment API (g…
0118320 
…o-gitea#30791)

Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.
@GiteaBot GiteaBot mentioned this pull request May 2, 2024
Merged
@GiteaBot GiteaBot added backport/done All backports for this PR have been created and removed reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. labels May 2, 2024
wxiaoguang pushed a commit that referenced this pull request May 2, 2024
@GiteaBot @kemzeb
Catch and handle unallowed file type errors in issue attachment API (#…
665a06c 
…30791) (#30834)

Backport #30791 by kemzeb

Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
@kemzeb kemzeb deleted the fix-api-attachment branch May 3, 2024 08:44
zjjhot added a commit to zjjhot/gitea that referenced this pull request May 3, 2024
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
6e5359c 
* giteaofficial/main: (30 commits)
  Improve grep search (go-gitea#30843)
  Don't only list code-enabled repositories when using repository API (go-gitea#30817)
  Fix no edit history after editing issue's title and content (go-gitea#30814)
  Ignore useless error message "broken pipe" (go-gitea#30801)
  Fix JS error on pull request page (go-gitea#30838)
  Fix body margin shifting with modals, fix error on project column edit (go-gitea#30831)
  Improve repo button row layout (go-gitea#30668)
  refactor: merge ListActionTasks func to action.go file (go-gitea#30811)
  Prevent automatic OAuth grants for public clients (go-gitea#30790)
  Catch and handle unallowed file type errors in issue attachment API (go-gitea#30791)
  Fix incorrect message id for releaes email (go-gitea#30825)
  Add hover outline to heatmap squares (go-gitea#30828)
  Remove external API calls in `TestPassword` (go-gitea#30716)
  Upgrade chi-binding (go-gitea#30826)
  Improve context popup rendering (go-gitea#30824)
  Fix activity heat map padding & locale (go-gitea#30823)
  Fix issue card layout (go-gitea#30800)
  Fix branch selector UI (go-gitea#30803)
  Fix rounded border for segment followed by pagination (go-gitea#30809)
  Skip gzip for some well-known compressed file types (go-gitea#30796)
  ...
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Aug 1, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@wxiaoguang wxiaoguang wxiaoguang approved these changes

@lunny lunny lunny approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created backport/v1.22 This PR should be backported to Gitea 1.22 lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code size/M Denotes a PR that changes 30-99 lines, ignoring generated files. type/bug
Projects
None yet
Milestone
1.23.0
Development

Successfully merging this pull request may close these issues.
4 participants
@kemzeb @lunny @wxiaoguang @GiteaBot