From 278d85206d76fdf3d4c73874b30db517b1f211d6 Mon Sep 17 00:00:00 2001
From: Mahmoud Al-Qudsi <mqudsi@neosmart.net>
Date: Fri, 2 Mar 2018 18:13:57 -0600
Subject: [PATCH] Allow mime types to match based off of prefix

The old behavior prevented simple file types like "text/plain" from
being uploaded since browsers upload them with the charset as well (e.g.
`text/plain charset=utf-8`) without specifying all possible charsets.

Additionally, this allows for blanket includes like "text/" or "image/"
by class type.

There should be minimal risk introduced here as mime types are generally
hierarchical, but an alternative approach would be the equivalent of

```
if allowed.endsWith("*") && strings.HasPrefix(fileType,
    allowed.substr(0, allowed.length - 1) { ....
```
---
 routers/repo/attachment.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routers/repo/attachment.go b/routers/repo/attachment.go
index c2efb11c1..1e16cee5e 100644
--- a/routers/repo/attachment.go
+++ b/routers/repo/attachment.go
@@ -48,7 +48,7 @@ func UploadAttachment(ctx *context.Context) {
 	allowed := false
 	for _, t := range allowedTypes {
 		t := strings.Trim(t, " ")
-		if t == "*/*" || t == fileType {
+		if t == "*/*" || strings.HasPrefix(fileType, t) {
 			allowed = true
 			break
 		}