From 04483bdac3b5196737516398b5ce0383875a5c60 Mon Sep 17 00:00:00 2001
From: lethanhphuc <31820707+noobpk@users.noreply.github.com>
Date: Thu, 18 Nov 2021 10:42:02 +0700
Subject: [PATCH] Add `att.full_clean()` before saving

Fix issue https://github.com/django-helpdesk/django-helpdesk/issues/983
Also, fix bug stored XSS disclosure: https://huntr.dev/bounties/4d7a5fdd-b2de-467a-ade0-3f2fb386638e/
---
 helpdesk/lib.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/helpdesk/lib.py b/helpdesk/lib.py
index 07d655c39..da853990b 100644
--- a/helpdesk/lib.py
+++ b/helpdesk/lib.py
@@ -145,6 +145,7 @@ def process_attachments(followup, attached_files):
                 'application/octet-stream',
                 size=attached.size,
             )
+            att.full_clean()
             att.save()
 
             if attached.size < max_email_attachment_size: