Reserve ".png" suffix for user/org names (#23992)
Org/User names ending with ".png" where not functional, so reserve them alternative / close #23908
This commit is contained in:
parent
eb397c3e63
commit
2b91841cd3
2 changed files with 13 additions and 1 deletions
|
@ -537,7 +537,8 @@ var (
|
||||||
"gitea-actions",
|
"gitea-actions",
|
||||||
}
|
}
|
||||||
|
|
||||||
reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom"}
|
// DON'T ADD ANY NEW STUFF, WE SOLVE THIS WITH `/user/{obj}` PATHS!
|
||||||
|
reservedUserPatterns = []string{"*.keys", "*.gpg", "*.rss", "*.atom", "*.png"}
|
||||||
)
|
)
|
||||||
|
|
||||||
// IsUsableUsername returns an error when a username is reserved
|
// IsUsableUsername returns an error when a username is reserved
|
||||||
|
|
|
@ -5,6 +5,7 @@ package integration
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
|
"fmt"
|
||||||
"image/png"
|
"image/png"
|
||||||
"io"
|
"io"
|
||||||
"mime/multipart"
|
"mime/multipart"
|
||||||
|
@ -77,6 +78,16 @@ func TestUserAvatar(t *testing.T) {
|
||||||
req = NewRequest(t, "GET", user2.AvatarLinkWithSize(db.DefaultContext, 0))
|
req = NewRequest(t, "GET", user2.AvatarLinkWithSize(db.DefaultContext, 0))
|
||||||
_ = session.MakeRequest(t, req, http.StatusOK)
|
_ = session.MakeRequest(t, req, http.StatusOK)
|
||||||
|
|
||||||
|
testGetAvatarRedirect(t, user2)
|
||||||
|
|
||||||
// Can't test if the response matches because the image is re-generated on upload but checking that this at least doesn't give a 404 should be enough.
|
// Can't test if the response matches because the image is re-generated on upload but checking that this at least doesn't give a 404 should be enough.
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func testGetAvatarRedirect(t *testing.T, user *user_model.User) {
|
||||||
|
t.Run(fmt.Sprintf("getAvatarRedirect_%s", user.Name), func(t *testing.T) {
|
||||||
|
req := NewRequestf(t, "GET", "/%s.png", user.Name)
|
||||||
|
resp := MakeRequest(t, req, http.StatusSeeOther)
|
||||||
|
assert.EqualValues(t, fmt.Sprintf("/avatars/%s", user.Avatar), resp.Header().Get("location"))
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue