prosody
c52fcea39c8e
spec/scansion/http_upload.scs
Software / code / prosody
Comparison
spec/scansion/http_upload.scs @ 11315:c52fcea39c8e
mod_http_file_share: Add file type filter
Unlike mod_http_upload, this can't be bypassed by uploading with a
different file extension.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Tue, 26 Jan 2021 14:53:43 +0100 |
| parent | 11314:7c8b02c5a335 |
| child | 11319:a4b299e37909 |
comparison
equal
deleted
inserted
replaced
| 11314:7c8b02c5a335 | 11315:c52fcea39c8e |
|---|---|
| 48 <bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> | 48 <bad-request xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> |
| 49 <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Invalid filename</text> | 49 <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>Invalid filename</text> |
| 50 </error> | 50 </error> |
| 51 </iq> | 51 </iq> |
| 52 | 52 |
| 53 Romeo sends: | |
| 54 <iq to='upload.localhost' type='get' id='1401d3b5-7973-486f-85b3-3e63d13c7f0e' xml:lang='en'> | |
| 55 <request content-type='application/x-executable' filename='evil.exe' xmlns='urn:xmpp:http:upload:0' size='1000'/> | |
| 56 </iq> | |
| 57 | |
| 58 Romeo receives: | |
| 59 <iq id='1401d3b5-7973-486f-85b3-3e63d13c7f0e' from='upload.localhost' type='error'> | |
| 60 <error type='modify'> | |
| 61 <not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/> | |
| 62 <text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>File type not allowed</text> | |
| 63 </error> | |
| 64 </iq> | |
| 65 | |
| 53 Romeo disconnects | 66 Romeo disconnects |
| 54 | 67 |
| 55 # recording ended on 2021-01-27T22:10:46Z | 68 # recording ended on 2021-01-27T22:10:46Z |
