Commit Graph

24 Commits

Author SHA1 Message Date
kolaente 39da47e435 fix: detect and fail on oversized zip entries instead of silent truncation
Replace io.LimitReader with a new readZipEntry helper that reads one extra
byte to detect when content exceeds maxZipEntrySize (500MB). This prevents
silent data corruption where partial file bytes would be stored as if the
upload succeeded.

The import now fails with ErrFileTooLarge instead of accepting truncated
content for attachments and background blobs.
2026-02-25 13:01:00 +01:00
kolaente 9d19a04550 fix(migration): use checked type assertion for background file id 2026-02-25 13:01:00 +01:00
kolaente fc5ab844de fix(migration): limit zip entry read size to prevent decompression bombs 2026-02-25 13:01:00 +01:00
kolaente 6815cdbda4 fix(migration): reject zip entries with path traversal in vikunja-file import 2026-02-25 13:01:00 +01:00
John Starich 591a646f84 refactor: remove environment variable requirements for go test 2026-02-17 18:01:05 +01:00
kolaente ca83ad1f98 feat: move to slog for logging 2025-07-21 18:15:39 +02:00
Dominik Pschenitschni 296577a875
fix: correct license header references (#882)
See originals:
- https://www.gnu.org/licenses/agpl-3.0.txt
- https://www.gnu.org/licenses/gpl-3.0.txt
2025-06-10 12:18:38 +02:00
kolaente d522d40773
fix(migration): do not fail when an attachment is too large
Resolves https://vikunja.sentry.io/issues/6389417364/events/d79bdea146b54a9dace8c81e3f787975/
2025-03-21 18:03:27 +01:00
kolaente 3d5d17336e
fix(migration): return proper error when uploaded file is not a zip file
Resolves https://vikunja.sentry.io/share/issue/73a7b6f60b3e446e949d072016f31c22/
2025-01-09 14:32:24 +01:00
kolaente ebfd5f54d2
fix(migration): ensure project background gets exported and imported 2024-08-12 17:18:07 +02:00
kolaente ec6e3e99e0
chore: check if import zip contains a VERSION file 2024-01-14 22:21:55 +01:00
kolaente c05f51b923
chore(deps): update golangci-lint rules 2023-12-19 13:34:31 +01:00
kolaente b2f3a23cb3
fix(import): correctly set child project relations 2023-09-07 10:45:15 +02:00
kolaente ce3a06f03b
fix(import): don't fail when importing from dev exports 2023-09-07 10:11:59 +02:00
kolaente e518fb1191
chore: remove year from copyright headers
Resolves https://kolaente.dev/vikunja/api/pulls/1483
2023-09-01 08:32:28 +02:00
kolaente 4b55e2ce03
fix(migration): make file migration work with new structure 2023-05-24 15:51:56 +02:00
kolaente afe756e4c1
fix(tests): make the tests compile again 2023-05-24 15:51:55 +02:00
kolaente 386e218b95
feat(migration): use new structure for migration 2023-05-24 15:51:54 +02:00
Dominik Pschenitschni 8edbca39cf fix: accept for migrations 2023-04-03 05:20:18 +00:00
kolaente 823c817b1f
fix(import): don't try to load a nonexistant attachment file 2023-03-26 15:42:25 +02:00
kolaente fb818ea186
fix: test import 2023-03-13 14:28:06 +01:00
kolaente 349e6a5905
feat: rename lists to projects 2023-03-13 14:28:06 +01:00
kolaente 5cf263a86f
feat: upgrade golangci-lint to 1.45.2 2022-03-27 16:55:37 +02:00
konrad 90146aea5b User Data Export and import (#967)
Co-authored-by: kolaente <k@knt.li>
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/967
Co-authored-by: konrad <k@knt.li>
Co-committed-by: konrad <k@knt.li>
2021-09-04 19:26:31 +00:00