vikunja/pkg/files
kolaente 94f42bd6b2 fix(files): derive file size from reader at creation boundary
Authoritative size now comes from the reader instead of the caller's
claim in CreateWithMimeAndSession. The migration import path accepts
attacker-controlled metadata (GHSA-qh78-rvg3-cv54), so trusting
realsize for the limit check allowed oversized uploads to be accepted
and stored.

measureReaderSize leaves the reader seeked to 0 so the measured value
matches the bytes storage backends will actually write.
2026-04-09 16:22:56 +00:00
..
db.go feat: register Vikunja tables with db package at init 2026-03-04 15:37:54 +01:00
diagnostics_unix.go feat(doctor): add user namespace detection and improved storage diagnostics (#2180) 2026-02-01 11:57:35 +01:00
diagnostics_windows.go feat(doctor): add user namespace detection and improved storage diagnostics (#2180) 2026-02-01 11:57:35 +01:00
dump.go fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
error.go fix(attachments): extend upload file size to form data (#1577) 2025-09-30 22:23:07 +00:00
filehandling.go refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
files.go fix(files): derive file size from reader at creation boundary 2026-04-09 16:22:56 +00:00
files_test.go fix(files): derive file size from reader at creation boundary 2026-04-09 16:22:56 +00:00
main_test.go feat: move to slog for logging 2025-07-21 18:15:39 +02:00
repair.go refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
s3_test.go refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
storage.go refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
storage_local.go refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
storage_local_test.go refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
storage_mem.go refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
storage_mem_test.go refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
storage_s3.go refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00