From 5603d4df8fcf1a7a5b85906dad0049d7e79cce6c Mon Sep 17 00:00:00 2001
From: Jakob Kramer <jakob.kramer@gmx.de>
Date: Thu, 2 Jun 2011 17:35:20 +0200
Subject: should fix #324

---
 mediagoblin/submit/security.py | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 mediagoblin/submit/security.py

(limited to 'mediagoblin/submit/security.py')

diff --git a/mediagoblin/submit/security.py b/mediagoblin/submit/security.py
new file mode 100644
index 00000000..db4c860d
--- /dev/null
+++ b/mediagoblin/submit/security.py
@@ -0,0 +1,32 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011 Free Software Foundation, Inc
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from mimetypes import guess_type
+
+from Image import open as image_open
+
+ALLOWED = ['image/jpeg', 'image/png', 'image/tiff', 'image/gif']
+
+def check_filetype(posted_file):
+    if not guess_type(posted_file.filename) in ALLOWED:
+        return False
+
+    try:
+        image = image_open(posted_file.file)
+    except IOError:
+        return False
+
+    return True
-- 
cgit v1.2.3


From fe4ffb860fcf211406861a726c64439435964f4c Mon Sep 17 00:00:00 2001
From: Christopher Allan Webber <cwebber@dustycloud.org>
Date: Mon, 6 Jun 2011 07:57:05 -0500
Subject: Added a comment to clarify that this shouldn't stay here.

---
 mediagoblin/submit/security.py | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'mediagoblin/submit/security.py')

diff --git a/mediagoblin/submit/security.py b/mediagoblin/submit/security.py
index db4c860d..5a06a499 100644
--- a/mediagoblin/submit/security.py
+++ b/mediagoblin/submit/security.py
@@ -24,6 +24,8 @@ def check_filetype(posted_file):
     if not guess_type(posted_file.filename) in ALLOWED:
         return False
 
+    # TODO: This should be handled by the processing stage.  We should
+    # handle error detection there.
     try:
         image = image_open(posted_file.file)
     except IOError:
-- 
cgit v1.2.3