[1.4.x] Fixed a security issue in image uploading. Disclosure and rel…

…ease forthcoming.

Backport of dd16b17 from master.
apollo13 committed Jul 30, 2012
1 parent 94e91f7 commit da33d67181b53fe6cc737ac1220153814a1509f6
Showing with 6 additions and 1 deletion.
  1. +6 −1 django/core/files/
@@ -47,13 +47,18 @@ def get_image_dimensions(file_or_path, close=False):
file = open(file_or_path, 'rb')
close = True
# Most of the time PIL only needs a small chunk to parse the image and
# get the dimensions, but with some TIFF files PIL needs to parse the
# whole file.
chunk_size = 1024
while 1:
data =
data =
if not data:
if p.image:
return p.image.size
chunk_size = chunk_size*2
return None
if close:

