Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity

[1.3.x] Fixed a security issue in image uploading. Disclosure and release forthcoming.

Browse Source 
Backport of dd16b17099b7d86f27773df048c5014cf439b282 from master.
This commit is contained in:
Florian Apolloner 2012-07-30 21:55:23 +02:00
parent 7ca10b1dac
commit 9ca0ff6268
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
django/core/files/images.py
View File

@ -47,13 +47,18 @@ def get_image_dimensions(file_or_path, close=False):
file = open(file_or_path, 'rb') file = open(file_or_path, 'rb')
close = True close = True
try: try:
# Most of the time PIL only needs a small chunk to parse the image and
# get the dimensions, but with some TIFF files PIL needs to parse the
# whole file.
chunk_size = 1024
while 1: while 1:
data = file.read(1024) data = file.read(chunk_size)
if not data: if not data:
break break
p.feed(data) p.feed(data)
if p.image: if p.image:
return p.image.size return p.image.size
chunk_size = chunk_size*2
return None return None
finally: finally:
if close: if close: