Avoid the use of PIL to determine the image type

Bug #1381284 reported by François Marier on 2014-10-15

Bug Description

Currently, when an image is uploaded, we open it in PIL to check its format:


We should avoid doing that in case there is a vulnerability in PIL since that would compromise the Django process.

Perhaps we should use file or simply trust the mimetype sent by the browser.
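
Added example, not part of the original bug report or the project's code: one way to identify the upload's type from its leading bytes only, so no image decoder runs inside the Django process. The function names, the set of accepted formats (PNG, GIF, JPEG) and the comparison against the browser-supplied mimetype are assumptions made for illustration.

```python
# Added example: header-only image type detection, no image decoder involved.
# Assumption: the application accepts only PNG, GIF and JPEG uploads.
SIGNATURES = (
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("gif", b"GIF87a"),
    ("gif", b"GIF89a"),
    ("jpeg", b"\xff\xd8\xff"),
)
MIME_BY_FORMAT = {"png": "image/png", "gif": "image/gif", "jpeg": "image/jpeg"}
HEADER_BYTES = 16  # longest signature is 8 bytes; read a little extra


def sniff_image_format(header):
    """Return 'png', 'gif' or 'jpeg' from the leading bytes, else None."""
    for fmt, magic in SIGNATURES:
        if header.startswith(magic):
            return fmt
    return None  # unknown, empty or truncated header


def check_upload(fileobj, claimed_mimetype=None):
    """Detect the format of a seekable binary file object.

    Only HEADER_BYTES bytes are read and the file position is restored.
    Raises ValueError when the signature is not recognised or when it
    disagrees with the mimetype the browser sent.
    """
    start = fileobj.tell()
    try:
        header = fileobj.read(HEADER_BYTES)
    finally:
        fileobj.seek(start)

    fmt = sniff_image_format(header)
    if fmt is None:
        raise ValueError("unrecognised image signature")

    if claimed_mimetype:
        # Drop any parameters such as "; charset=..." before comparing.
        claimed = claimed_mimetype.split(";", 1)[0].strip().lower()
        if claimed != MIME_BY_FORMAT[fmt]:
            raise ValueError(
                "browser sent %r but content looks like %s" % (claimed, fmt))
    return fmt
```

A signature match only identifies the container type; it says nothing about whether the rest of the file is well formed, so anything that later decodes the image still parses untrusted data.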
