Closed yunimoo closed 2 days ago
Potential solution for https://github.com/janeczku/calibre-web/issues/3044
This PR adds in mimetype checking to ensure that files being uploaded are not maliciously disguised.
Create a bash script:
# test.sh #!/bin/bash echo "Hello World!"
Rename the bash script: (Ensure that server allows epub)
epub
mv test.sh test.epub
Upload the file to confirm that it is not possible as the mimetype is read differently.
Potential solution for https://github.com/janeczku/calibre-web/issues/3044
This PR adds in mimetype checking to ensure that files being uploaded are not maliciously disguised.
Create a bash script:
Rename the bash script: (Ensure that server allows
epub
)Upload the file to confirm that it is not possible as the mimetype is read differently.