should fix #324

author Jakob Kramer <jakob.kramer@gmx.de>

Thu, 2 Jun 2011 15:35:20 +0000 (17:35 +0200)

committer Jakob Kramer <jakob.kramer@gmx.de>

Thu, 2 Jun 2011 15:47:51 +0000 (17:47 +0200)
author Jakob Kramer <jakob.kramer@gmx.de>
Thu, 2 Jun 2011 15:35:20 +0000 (17:35 +0200)
committer Jakob Kramer <jakob.kramer@gmx.de>
Thu, 2 Jun 2011 15:47:51 +0000 (17:47 +0200)
diff --git a/mediagoblin/submit/security.py b/mediagoblin/submit/security.py

new file mode 100644 (file)

index 0000000..db4c860
--- /dev/null
+++ b/mediagoblin/submit/security.py
@@ -0,0 +1,32 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011 Free Software Foundation, Inc
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+from mimetypes import guess_type
+
+from Image import open as image_open
+
+ALLOWED = ['image/jpeg', 'image/png', 'image/tiff', 'image/gif']
+
+def check_filetype(posted_file):
+    if not guess_type(posted_file.filename) in ALLOWED:
+        return False
+
+    try:
+        image = image_open(posted_file.file)
+    except IOError:
+        return False
+
+    return True
author	Jakob Kramer <jakob.kramer@gmx.de>
	Thu, 2 Jun 2011 15:35:20 +0000 (17:35 +0200)
committer	Jakob Kramer <jakob.kramer@gmx.de>
	Thu, 2 Jun 2011 15:47:51 +0000 (17:47 +0200)