mirror of
				https://github.com/go-gitea/gitea.git
				synced 2025-10-26 01:54:30 +02:00 
			
		
		
		
	Reserve ".png" suffix for user/org names (#23992)
Org/User names ending with ".png" where not functional, so reserve them alternative / close #23908
This commit is contained in:
		
							parent
							
								
									eb397c3e63
								
							
						
					
					
						commit
						2b91841cd3
					
				| @ -537,7 +537,8 @@ var ( | |||||||
| 		"gitea-actions", | 		"gitea-actions", | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom"} | 	// DON'T ADD ANY NEW STUFF, WE SOLVE THIS WITH `/user/{obj}` PATHS! | ||||||
|  | 	reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom", "*.png"} | ||||||
| ) | ) | ||||||
| 
 | 
 | ||||||
| // IsUsableUsername returns an error when a username is reserved | // IsUsableUsername returns an error when a username is reserved | ||||||
|  | |||||||
| @ -5,6 +5,7 @@ package integration | |||||||
| 
 | 
 | ||||||
| import ( | import ( | ||||||
| 	"bytes" | 	"bytes" | ||||||
|  | 	"fmt" | ||||||
| 	"image/png" | 	"image/png" | ||||||
| 	"io" | 	"io" | ||||||
| 	"mime/multipart" | 	"mime/multipart" | ||||||
| @ -77,6 +78,16 @@ func TestUserAvatar(t *testing.T) { | |||||||
| 		req = NewRequest(t, "GET", user2.AvatarLinkWithSize(db.DefaultContext, 0)) | 		req = NewRequest(t, "GET", user2.AvatarLinkWithSize(db.DefaultContext, 0)) | ||||||
| 		_ = session.MakeRequest(t, req, http.StatusOK) | 		_ = session.MakeRequest(t, req, http.StatusOK) | ||||||
| 
 | 
 | ||||||
|  | 		testGetAvatarRedirect(t, user2) | ||||||
|  | 
 | ||||||
| 		// Can't test if the response matches because the image is re-generated on upload but checking that this at least doesn't give a 404 should be enough. | 		// Can't test if the response matches because the image is re-generated on upload but checking that this at least doesn't give a 404 should be enough. | ||||||
| 	}) | 	}) | ||||||
| } | } | ||||||
|  | 
 | ||||||
|  | func testGetAvatarRedirect(t *testing.T, user *user_model.User) { | ||||||
|  | 	t.Run(fmt.Sprintf("getAvatarRedirect_%s", user.Name), func(t *testing.T) { | ||||||
|  | 		req := NewRequestf(t, "GET", "/%s.png", user.Name) | ||||||
|  | 		resp := MakeRequest(t, req, http.StatusSeeOther) | ||||||
|  | 		assert.EqualValues(t, fmt.Sprintf("/avatars/%s", user.Avatar), resp.Header().Get("location")) | ||||||
|  | 	}) | ||||||
|  | } | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user