From d93912042191d30ff1f7aa41d9f0779a609caca8 Mon Sep 17 00:00:00 2001
From: Josh Qou <97894002+joshqou@users.noreply.github.com>
Date: Thu, 15 Jun 2023 14:23:27 +0100
Subject: Fix unsafe hotserving behaviour for non-multimedia uploads. (#15680)

* Fix unsafe hotserving behaviour for non-multimedia uploads.

* invert disposition assert

* test_media_storage.py: run lint

* test_base.py: /inline/attachment/s

* Only return attachment for disposition type, update tests

* Update synapse/media/_base.py

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* Update changelog.d/15680.bugfix

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>

* add attribution

* Update changelog.

---------

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
---
 changelog.d/15680.bugfix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/15680.bugfix

(limited to 'changelog.d')

diff --git a/changelog.d/15680.bugfix b/changelog.d/15680.bugfix
new file mode 100644
index 0000000000..04ac19b4ec
--- /dev/null
+++ b/changelog.d/15680.bugfix
@@ -0,0 +1 @@
+Fix a long-standing bug where media files were served in an unsafe manner. Contributed by @joshqou.
-- 
cgit 1.4.1