prosody
c52fcea39c8e
spec/scansion/http_upload.scs

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Diff

spec/scansion/http_upload.scs @ 11315:c52fcea39c8e

mod_http_file_share: Add file type filter Unlike mod_http_upload, this can't be bypassed by uploading with a different file extension.
author Kim Alvefur <zash@zash.se>
date Tue, 26 Jan 2021 14:53:43 +0100
parent 11314:7c8b02c5a335
child 11319:a4b299e37909
line wrap: on
line diff
--- a/spec/scansion/http_upload.scs	Tue Jan 26 14:53:24 2021 +0100
+++ b/spec/scansion/http_upload.scs	Tue Jan 26 14:53:43 2021 +0100
@@ -50,6 +50,19 @@
 		</error>
 	</iq>
 
+Romeo sends:
+	<iq to='upload.localhost' type='get' id='1401d3b5-7973-486f-85b3-3e63d13c7f0e' xml:lang='en'>
+		<request content-type='application/x-executable' filename='evil.exe' xmlns='urn:xmpp:http:upload:0' size='1000'/>
+	</iq>
+
+Romeo receives:
+	<iq id='1401d3b5-7973-486f-85b3-3e63d13c7f0e' from='upload.localhost' type='error'>
+		<error type='modify'>
+			<not-acceptable xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/>
+			<text xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'>File type not allowed</text>
+		</error>
+	</iq>
+
 Romeo disconnects
 
 # recording ended on 2021-01-27T22:10:46Z