Reject MIME parts with unsupported encoding
What does this MR do and why?
Contributes to #340366
Based of previously reverted - !77688 (merged)
Problem
Golang mime
package skips processing unsupported encodings (see
https://sourcegraph.com/github.com/golang/go@0fd0639e4c429e147d33bfc42654fcd651f4449f/-/blob/src/mime/mediatype.go?L247).
Because of that workhorse does not incercept the upload and skip sanitization for filename value.
Solution
Sanitize "Content-Disposition" header
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Vasilii Iakliushin