Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Properly handle the name query param in create issue attachment API #30778

Closed
wants to merge 3 commits into from
Closed

Properly handle the name query param in create issue attachment API #30778

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ac0df17
Properly handle the name query param in create issue attachment API
kemzeb Apr 30, 2024
e954d32
Use an existing function rather than creating a new one
kemzeb Apr 30, 2024
9e8939c
Improve CreateReleaseAttachment() + move original name to Attachment
kemzeb Apr 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
8 changes: 4 additions & 4 deletions routers/api/v1/repo/issue_attachment.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -173,13 +173,13 @@ func CreateIssueAttachment(ctx *context.APIContext) {
}
defer file.Close()

filename := header.Filename
attachmentName := header.Filename
if query := ctx.FormString("name"); query != "" {
filename = query
attachmentName = query
}

attachment, err := attachment.UploadAttachment(ctx, file, setting.Attachment.AllowedTypes, header.Size, &repo_model.Attachment{
Name: filename,
attachment, err := attachment.UploadAttachment(ctx, file, setting.Attachment.AllowedTypes, header.Size, header.Filename, &repo_model.Attachment{
Name: attachmentName,
UploaderID: ctx.Doer.ID,
RepoID: ctx.Repo.Repository.ID,
IssueID: issue.ID,
Expand Down
8 changes: 4 additions & 4 deletions routers/api/v1/repo/issue_comment_attachment.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,13 +181,13 @@ func CreateIssueCommentAttachment(ctx *context.APIContext) {
}
defer file.Close()

filename := header.Filename
attachmentName := header.Filename
if query := ctx.FormString("name"); query != "" {
filename = query
attachmentName = query
}

attachment, err := attachment.UploadAttachment(ctx, file, setting.Attachment.AllowedTypes, header.Size, &repo_model.Attachment{
Name: filename,
attachment, err := attachment.UploadAttachment(ctx, file, setting.Attachment.AllowedTypes, header.Size, header.Filename, &repo_model.Attachment{
Name: attachmentName,
UploaderID: ctx.Doer.ID,
RepoID: ctx.Repo.Repository.ID,
IssueID: comment.IssueID,
Expand Down
14 changes: 7 additions & 7 deletions routers/api/v1/repo/release_attachment.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -206,7 +206,7 @@ func CreateReleaseAttachment(ctx *context.APIContext) {

// Get uploaded file from request
var content io.ReadCloser
var filename string
var attachmentName string
var size int64 = -1

if strings.HasPrefix(strings.ToLower(ctx.Req.Header.Get("Content-Type")), "multipart/form-data") {
Expand All @@ -219,23 +219,23 @@ func CreateReleaseAttachment(ctx *context.APIContext) {

content = file
size = header.Size
filename = header.Filename
attachmentName = header.Filename
if name := ctx.FormString("name"); name != "" {
filename = name
attachmentName = name
}
} else {
content = ctx.Req.Body
filename = ctx.FormString("name")
attachmentName = ctx.FormString("name")
}

if filename == "" {
if attachmentName == "" {
ctx.Error(http.StatusBadRequest, "CreateReleaseAttachment", "Could not determine name of attachment.")
return
}

// Create a new attachment and save the file
attach, err := attachment.UploadAttachment(ctx, content, setting.Repository.Release.AllowedTypes, size, &repo_model.Attachment{
Name: filename,
attach, err := attachment.UploadAttachment(ctx, content, setting.Repository.Release.AllowedTypes, size, attachmentName, &repo_model.Attachment{
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The original file name string is hiding within an if block that I can't reach. The original behavior shouldn't have changed, but we may encounter the same problem as the issue we're trying to fix had

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can still also have a variable named filename and assign it like you did for attachmentName

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, and I fallback to assigning attachmentName to it in the else block

Name: attachmentName,
UploaderID: ctx.Doer.ID,
RepoID: ctx.Repo.Repository.ID,
ReleaseID: releaseID,
Expand Down
2 changes: 1 addition & 1 deletion routers/web/repo/attachment.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ func uploadAttachment(ctx *context.Context, repoID int64, allowedTypes string) {
}
defer file.Close()

attach, err := attachment.UploadAttachment(ctx, file, allowedTypes, header.Size, &repo_model.Attachment{
attach, err := attachment.UploadAttachment(ctx, file, allowedTypes, header.Size, header.Filename, &repo_model.Attachment{
Name: header.Filename,
UploaderID: ctx.Doer.ID,
RepoID: repoID,
Expand Down
4 changes: 2 additions & 2 deletions services/attachment/attachment.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,12 +39,12 @@ func NewAttachment(ctx context.Context, attach *repo_model.Attachment, file io.R
}

// UploadAttachment upload new attachment into storage and update database
func UploadAttachment(ctx context.Context, file io.Reader, allowedTypes string, fileSize int64, attach *repo_model.Attachment) (*repo_model.Attachment, error) {
func UploadAttachment(ctx context.Context, file io.Reader, allowedTypes string, fileSize int64, originalFileName string, attach *repo_model.Attachment) (*repo_model.Attachment, error) {
buf := make([]byte, 1024)
n, _ := util.ReadAtMost(file, buf)
buf = buf[:n]

if err := upload.Verify(buf, attach.Name, allowedTypes); err != nil {
if err := upload.Verify(buf, originalFileName, allowedTypes); err != nil {
return nil, err
}

Expand Down
2 changes: 1 addition & 1 deletion services/mailer/incoming/incoming_handler.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u
attachmentIDs := make([]string, 0, len(content.Attachments))
if setting.Attachment.Enabled {
for _, attachment := range content.Attachments {
a, err := attachment_service.UploadAttachment(ctx, bytes.NewReader(attachment.Content), setting.Attachment.AllowedTypes, int64(len(attachment.Content)), &repo_model.Attachment{
a, err := attachment_service.UploadAttachment(ctx, bytes.NewReader(attachment.Content), setting.Attachment.AllowedTypes, int64(len(attachment.Content)), attachment.Name, &repo_model.Attachment{
Name: attachment.Name,
UploaderID: doer.ID,
RepoID: issue.Repo.ID,
Expand Down