hi all,

i've been playing with ImageField and FileField recently and so
far they work like a charm.

some questions remain, though:

* does django properly sanitize the filename or rather, use
  safe temp files?  i wonder what would happen if i tried to
  upload a file called "../../traverse.txt"?

* how can i enforce a filename on the uploaded file?
  i want to completely ignore the remote name of the file
  and instead store it as, for example, {{username}}.jpg

* anyone know if the PIL stuff is hardened against image bombs?
  (small images that expand to gigabytes when expanded to bitmap)
  would it be feasible to subclass ImageFile and replace the PIL
  calls with some paranoid homegrown stuff (i.e. ImageMagick),
  anyone know a starting point for this?


-mark
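
The filename and image-bomb concerns raised above, as a framework-independent added example (not part of the original post, and not Django's or PIL's code). The function names, the 50-megapixel cap and the constructed sample header are assumptions for illustration.

```python
import os
import re
import struct
import zlib

MAX_PIXELS = 50_000_000  # assumed cap; tune to the memory you can afford
PNG_SIG = b"\x89PNG\r\n\x1a\n"

def stored_name(username, ext=".jpg"):
    """Build the on-disk name from server-side data only; the client name is never used."""
    safe = re.sub(r"[^A-Za-z0-9_-]", "_", username)
    if not safe.strip("_"):
        raise ValueError("username has no usable characters")
    return safe + ext

def strip_client_path(client_name):
    """If the client name must be kept, reduce it to a bare basename."""
    name = os.path.basename(client_name.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError("unusable client filename")
    return name

def png_dimensions(header):
    """Read width/height from the IHDR chunk without decoding any pixel data."""
    if len(header) < 33 or header[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    length, ctype = struct.unpack(">I4s", header[8:16])
    if ctype != b"IHDR" or length != 13:
        raise ValueError("malformed IHDR")
    width, height = struct.unpack(">II", header[16:24])
    (crc,) = struct.unpack(">I", header[29:33])
    if zlib.crc32(header[12:29]) != crc:  # CRC covers chunk type + data
        raise ValueError("IHDR CRC mismatch")
    return width, height

def check_png_size(header, max_pixels=MAX_PIXELS):
    """Reject before decode when the declared bitmap would exceed the pixel budget."""
    width, height = png_dimensions(header)
    if width == 0 or height == 0 or width * height > max_pixels:
        raise ValueError(f"refusing {width}x{height} image")
    return width, height

def _sample_header(width, height):
    """Constructed sample: PNG signature plus a valid IHDR chunk, no image data."""
    body = b"IHDR" + struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + struct.pack(">I", 13) + body + struct.pack(">I", zlib.crc32(body))
```

Only the first 33 bytes of the upload are needed for the size check, so it can run before the file is handed to any image decoder.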



You received this message because you are subscribed to the Google Groups "Django users" group.