projects / brevno-suite / hugo / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 22ef5da) | patch
Always use content to resolve content type in resources.GetRemote
authorBjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>
Thu, 16 Dec 2021 14:12:13 +0000 (15:12 +0100)
committerBjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com>
Fri, 17 Dec 2021 08:50:28 +0000 (09:50 +0100)
commit44954497bcb2d6d589b9340a43323663061c7b42
tree0d0d06b11e462ccff1a908c2b1c4dfd039b82787tree | snapshot
parent22ef5da20d1685dfe6aff3bd9364c9b1f1d0d8f8commit | diff
Always use content to resolve content type in resources.GetRemote

This is a security hardening measure; don't trust the URL extension or any `Content-Type`/`Content-Disposition` header on its own, always look at the file content using Go's `http.DetectContentType`.

This commit also adds ttf and otf media type definitions to Hugo.

Fixes #9302
Fixes #9301
26 files changed:
media/mediaType.go diff | blob | history
media/mediaType_test.go diff | blob | history
media/testdata/reosurce.otf [new file with mode: 0644] blob
media/testdata/resource.css [new file with mode: 0644] blob
media/testdata/resource.csv [new file with mode: 0644] blob
media/testdata/resource.ics [new file with mode: 0644] blob
media/testdata/resource.jpg [new file with mode: 0644] blob
media/testdata/resource.js [new file with mode: 0644] blob
media/testdata/resource.json [new file with mode: 0644] blob
media/testdata/resource.png [new file with mode: 0644] blob
media/testdata/resource.rss [new file with mode: 0644] blob
media/testdata/resource.sass [new file with mode: 0644] blob
media/testdata/resource.scss [new file with mode: 0644] blob
media/testdata/resource.svg [new file with mode: 0644] blob
media/testdata/resource.ttf [new file with mode: 0644] blob
media/testdata/resource.webp [new file with mode: 0644] blob
media/testdata/resource.xml [new file with mode: 0644] blob
resources/images/config.go diff | blob | history
resources/images/filters.go diff | blob | history
resources/postpub/fields_test.go diff | blob | history
resources/resource.go diff | blob | history
resources/resource_factories/create/remote.go diff | blob | history
resources/resource_spec.go diff | blob | history
tpl/resources/resources.go diff | blob | history
tpl/tplimpl/template_funcs_test.go diff | blob | history
tpl/transform/unmarshal.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.