[1.4.x] Fixed a security issue in image uploading. Disclosure and release forthcoming.

Backport of dd16b17 from master.
commit da33d67181b53fe6cc737ac1220153814a1509f6 1 parent 94e91f7
Florian Apolloner apollo13 authored
Showing with 6 additions and 1 deletion.
  1. +6 −1 django/core/files/images.py
7 django/core/files/images.py
@@ -47,13 +47,18 @@ def get_image_dimensions(file_or_path, close=False):
file = open(file_or_path, 'rb')
close = True
try:
+ # Most of the time PIL only needs a small chunk to parse the image and
+ # get the dimensions, but with some TIFF files PIL needs to parse the
+ # whole file.
+ chunk_size = 1024
while 1:
- data = file.read(1024)
+ data = file.read(chunk_size)
if not data:
break
p.feed(data)
if p.image:
return p.image.size
+ chunk_size = chunk_size*2
return None
finally:
if close:
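
Review bot: `chunk_size = chunk_size*2` at the end of the loop body has no upper bound, so for a file that PIL has to read in full, each `file.read(chunk_size)` asks for a buffer twice the size of the previous one and the last reads can be on the order of the file size. Consider capping the growth, or stating in the comment that the caller's upload size limit is what bounds it. The new comment says that some TIFF files need the whole file parsed but not why the read size doubles instead of staying at 1024; one sentence on the cost being avoided would help the next reader. The commit touches only django/core/files/images.py, so a regression test that feeds `get_image_dimensions` a large file requiring full parsing would be worth adding. Minor: `chunk_size *= 2` is the more usual spelling.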