Security fix for image rotations. Add proper permissions, tests and use a form to avoid cross domain forgery attacks

2026-04-25 01:06:23 +02:00
parent 0360d53cd6
commit 8a2eee113a
8 changed files with 263 additions and 99 deletions
+2
@@ -22,6 +22,7 @@ from sas.views import (
ModerationView,
PictureAskRemovalView,
PictureEditView,
PictureRotateView,
PictureView,
SASMainView,
UserPicturesView,
@@ -52,6 +53,7 @@ urlpatterns = [
send_compressed,
name="download_compressed",
),
path("picture/rotate", PictureRotateView.as_view(), name="picture_rotate"),
path("picture/<int:picture_id>/download/thumb/", send_thumb, name="download_thumb"),
path(
"user/<int:user_id>/pictures/", UserPicturesView.as_view(), name="user_pictures"
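Review bot: The new `picture/rotate` route in the second hunk has no trailing slash, while the neighbouring routes visible here (`picture/<int:picture_id>/download/thumb/`, `user/<int:user_id>/pictures/`) end in one; `path("picture/rotate/", PictureRotateView.as_view(), name="picture_rotate"),` would keep the URL scheme consistent. The route also carries no picture id, so the target picture presumably arrives in the form body. PictureRotateView is not visible in this section, so it is worth confirming that it checks permission on the specific picture it loads and not only a general permission. Django's CSRF middleware checks unsafe methods only, so the view should also refuse GET, for example with `http_method_names = ["post"]`, otherwise the form token protects nothing on that path.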