mirror of
https://github.com/ae-utbm/sith.git
synced 2025-07-11 04:19:25 +00:00
Check that uploaded images are actually images
This commit is contained in:
@ -1,16 +1,29 @@
|
||||
from pathlib import Path
|
||||
from typing import Annotated
|
||||
from typing import Annotated, Any
|
||||
|
||||
from annotated_types import MinLen
|
||||
from django.contrib.staticfiles.storage import staticfiles_storage
|
||||
from django.db.models import Q
|
||||
from django.urls import reverse
|
||||
from django.utils.text import slugify
|
||||
from django.utils.translation import gettext as _
|
||||
from haystack.query import SearchQuerySet
|
||||
from ninja import FilterSchema, ModelSchema, Schema
|
||||
from ninja import FilterSchema, ModelSchema, Schema, UploadedFile
|
||||
from pydantic import AliasChoices, Field
|
||||
from pydantic_core.core_schema import ValidationInfo
|
||||
|
||||
from core.models import Group, SithFile, User
|
||||
from core.utils import is_image
|
||||
|
||||
|
||||
class UploadedImage(UploadedFile):
|
||||
@classmethod
|
||||
def _validate(cls, v: Any, info: ValidationInfo) -> Any:
|
||||
super()._validate(v, info)
|
||||
if not is_image(v):
|
||||
msg = _("This file is not a valid image")
|
||||
raise ValueError(msg)
|
||||
return v
|
||||
|
||||
|
||||
class SimpleUserSchema(ModelSchema):
|
||||
|
@ -22,6 +22,7 @@ from typing import Final
|
||||
import PIL
|
||||
from django.conf import settings
|
||||
from django.core.files.base import ContentFile
|
||||
from django.core.files.uploadedfile import UploadedFile
|
||||
from django.http import HttpRequest
|
||||
from django.utils.timezone import localdate
|
||||
from PIL import ExifTags
|
||||
@ -111,6 +112,18 @@ def get_semester_code(d: date | None = None) -> str:
|
||||
return "P" + str(start.year)[-2:]
|
||||
|
||||
|
||||
def is_image(file: UploadedFile):
|
||||
try:
|
||||
im = PIL.Image.open(file.file)
|
||||
im.verify()
|
||||
# go back to the start of the file, without closing it.
|
||||
# Otherwise, further checks on django side will fail
|
||||
file.seek(0)
|
||||
except PIL.UnidentifiedImageError:
|
||||
return False
|
||||
return True
|
||||
|
||||
|
||||
def resize_image(
|
||||
im: Image, edge: int, img_format: str, *, optimize: bool = True
|
||||
) -> ContentFile:
|
||||
|
Reference in New Issue
Block a user