forked from extern/django-helpdesk
Add att.full_clean()
before saving
Fix issue https://github.com/django-helpdesk/django-helpdesk/issues/983 Also, fix bug stored XSS disclosure: https://huntr.dev/bounties/4d7a5fdd-b2de-467a-ade0-3f2fb386638e/
This commit is contained in:
parent
2c7065e0c4
commit
04483bdac3
@ -145,6 +145,7 @@ def process_attachments(followup, attached_files):
|
||||
'application/octet-stream',
|
||||
size=attached.size,
|
||||
)
|
||||
att.full_clean()
|
||||
att.save()
|
||||
|
||||
if attached.size < max_email_attachment_size:
|
||||
|
Loading…
Reference in New Issue
Block a user