authorFlorian Apolloner <florian@apolloner.eu>2012-07-30 21:55:23 +0200
committerFlorian Apolloner <florian@apolloner.eu>2012-07-30 21:55:23 +0200
commit9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155 (patch)
tree05ebaac14ee5dea3f4e869ee846ef9ffda9c7f8b
parent7ca10b1dac758924f9bbd219880cc17a537c5e47 (diff)
downloaddjango-9ca0ff6268eeff92d0d0ac2c315d4b6a8e229155.tar.gz
[1.3.x] Fixed a security issue in image uploading. Disclosure and release forthcoming.
Backport of dd16b17099b7d86f27773df048c5014cf439b282 from master.
-rw-r--r--django/core/files/images.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/django/core/files/images.py b/django/core/files/images.py
index 228a7118c5..7d7eac65db 100644
--- a/django/core/files/images.py
+++ b/django/core/files/images.py
@@ -47,13 +47,18 @@ def get_image_dimensions(file_or_path, close=False):
file = open(file_or_path, 'rb')
close = True
try:
+ # Most of the time PIL only needs a small chunk to parse the image and
+ # get the dimensions, but with some TIFF files PIL needs to parse the
+ # whole file.
+ chunk_size = 1024
while 1:
- data = file.read(1024)
+ data = file.read(chunk_size)
if not data:
break
p.feed(data)
if p.image:
return p.image.size
+ chunk_size = chunk_size*2
return None
finally:
if close:
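Review bot: `chunk_size = chunk_size*2` grows without a ceiling and the loop has no limit on total bytes read, so an input for which `p.image` is never set is consumed to EOF in ever larger single reads, all passed to `p.feed(data)`. The doubling presumably exists to keep the number of `feed()` calls small for formats where PIL has to look at everything buffered so far, but the new comment does not say so; I would add `# Double the read size each pass so the number of feed() calls stays logarithmic in the file size.` above the assignment. Whether peak memory stays acceptable then depends on an upload-size limit enforced by the caller, which is not visible here and is worth confirming. The body of get_image_dimensions starts and ends outside this hunk.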