← Back to branch summary

~ubuntu-branches/ubuntu/saucy/python-django/saucy-updates

« back to all changes in this revision

Viewing changes to django/forms/fields.py

  • Committer: Package Import Robot
  • Author(s): Raphaël Hertzog
  • Date: 2012-08-02 10:44:02 UTC
  • mfrom: (1.2.13)
  • mto: This revision was merged to the branch mainline in revision 39.
  • Revision ID: package-import@ubuntu.com-20120802104402-pc04sj64wnrf4348
Tags: upstream-1.4.1
Import upstream version 1.4.1

Show diffs side-by-side

added added

removed removed

Lines of Context:
django/forms/fields.py
570
570
                file = StringIO(data['content'])
571
571
 
572
572
        try:
573
 
            # load() is the only method that can spot a truncated JPEG,
574
 
            #  but it cannot be called sanely after verify()
575
 
            trial_image = Image.open(file)
576
 
            trial_image.load()
577
 
 
578
 
            # Since we're about to use the file again we have to reset the
579
 
            # file object if possible.
580
 
            if hasattr(file, 'reset'):
581
 
                file.reset()
582
 
 
583
 
            # verify() is the only method that can spot a corrupt PNG,
584
 
            #  but it must be called immediately after the constructor
585
 
            trial_image = Image.open(file)
586
 
            trial_image.verify()
 
573
            # load() could spot a truncated JPEG, but it loads the entire
 
574
            # image in memory, which is a DoS vector. See #3848 and #18520.
 
575
            # verify() must be called immediately after the constructor.
 
576
            Image.open(file).verify()
587
577
        except ImportError:
588
578
            # Under PyPy, it is possible to import PIL. However, the underlying
589
579
            # _imaging C module isn't available, so an ImportError will be