hi all, i've been playing with ImageField and FileField recently and so far they work like a charm.
some questions remain, though:

* does django properly sanitize the filename or rather, use safe temp files? i wonder what would happen if i tried to upload a file called "../../traverse.txt"?
* how can i enforce a filename on the uploaded file? i want to completely ignore the remote name of the file and instead store it as, for example, {{username}}.jpg
* anyone know if the PIL stuff is hardened against image bombs? (small images that expand to gigabytes when expanded to bitmap) would it be feasible to subclass ImageFile and replace the PIL calls with some paranoid homegrown stuff (i.e. ImageMagick), anyone know a starting point for this?

-mark
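An added example, not part of the original post and not Django's or PIL's own code: one way to take the storage name from the account instead of the remote filename, and to read a JPEG's declared dimensions before handing it to a decoder. The function names, the username pattern and the 20-megapixel budget are assumptions made for this sketch.

```python
import os
import re
import struct

MAX_PIXELS = 20_000_000  # assumed decode budget, tune per deployment
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed username policy

def stored_path(upload_root, username):
    """Derive the on-disk name from the account only; the client's filename is never used."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username not usable as a filename")
    root = os.path.realpath(upload_root)
    path = os.path.realpath(os.path.join(root, username + ".jpg"))
    if os.path.commonpath([root, path]) != root:  # defence in depth
        raise ValueError("path escapes upload root")
    return path

def jpeg_dimensions(data):
    """Return (width, height) from the first SOF segment without decoding pixels."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    i = 2
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            raise ValueError("corrupt marker stream")
        marker = data[i + 1]
        if marker == 0xFF:  # fill byte before a marker
            i += 1
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:  # markers without a length
            i += 2
        elif 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
            if i + 9 > len(data):
                raise ValueError("truncated SOF segment")
            height, width = struct.unpack(">HH", data[i + 5:i + 9])
            return width, height
        else:  # any other segment: skip over its declared length
            i += 2 + struct.unpack(">H", data[i + 2:i + 4])[0]
    raise ValueError("no SOF segment found")

def check_pixel_budget(data, max_pixels=MAX_PIXELS):
    """Reject an upload whose declared bitmap size exceeds the budget."""
    width, height = jpeg_dimensions(data)
    if width == 0 or height == 0 or width * height > max_pixels:
        raise ValueError("image of %dx%d exceeds pixel budget" % (width, height))
    return width, height

def sample_jpeg_header(width, height):
    """Constructed sample: SOI, a 16-byte APP0 segment, then an SOF0 segment."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    sof0 = b"\xff\xc0" + struct.pack(">HB", 17, 8) + struct.pack(">HH", height, width)
    return b"\xff\xd8" + app0 + sof0 + b"\x03" + bytes(9)
```

The dimension check only bounds what the header declares; the decoder still needs its own memory and time limits for files whose body disagrees with the header.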