p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed a security issue in image uploading. Disclosure and release forthcoming.

This commit is contained in:
Florian Apolloner 2012-07-30 21:54:29 +02:00
parent e567f439bd
commit dd16b17099
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
django/core/files/images.py
View File

@ -47,13 +47,18 @@ def get_image_dimensions(file_or_path, close=False):
file = open(file_or_path, 'rb') file = open(file_or_path, 'rb')
close = True close = True
try: try:
# Most of the time PIL only needs a small chunk to parse the image and
# get the dimensions, but with some TIFF files PIL needs to parse the
# whole file.
chunk_size = 1024
while 1: while 1:
data = file.read(1024) data = file.read(chunk_size)
if not data: if not data:
break break
p.feed(data) p.feed(data)
if p.image: if p.image:
return p.image.size return p.image.size
chunk_size = chunk_size*2
return None return None
finally: finally:
if close: if close: