From 5c91352bae1cd0ddaf0723fee987d6229e7bf8e8 Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Sun, 20 Aug 2017 15:35:00 +0200
Subject: [PATCH] [SECURITY] Do not allow SVG files for logos

---
 src/pretix/control/forms/event.py | 2 +-
 src/pretix/control/forms/organizer.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/pretix/control/forms/event.py b/src/pretix/control/forms/event.py
index 35d1e0c7d..e3201a790 100644
--- a/src/pretix/control/forms/event.py
+++ b/src/pretix/control/forms/event.py
@@ -704,7 +704,7 @@ class DisplaySettingsForm(SettingsForm):
 )
 logo_image = ExtFileField(
 label=_('Logo image'),
- ext_whitelist=(".png", ".jpg", ".svg", ".gif", ".jpeg"),
+ ext_whitelist=(".png", ".jpg", ".gif", ".jpeg"),
 required=False,
 help_text=_('If you provide a logo image, we will by default not show your events name and date '
 'in the page header. We will show your logo with a maximal height of 120 pixels.')
diff --git a/src/pretix/control/forms/organizer.py b/src/pretix/control/forms/organizer.py
index fbd6f3a45..7469b009c 100644
--- a/src/pretix/control/forms/organizer.py
+++ b/src/pretix/control/forms/organizer.py
@@ -128,7 +128,7 @@ class OrganizerSettingsForm(SettingsForm):

 organizer_logo_image = ExtFileField(
 label=_('Logo image'),
- ext_whitelist=(".png", ".jpg", ".svg", ".gif", ".jpeg"),
+ ext_whitelist=(".png", ".jpg", ".gif", ".jpeg"),
 required=False,
 help_text=_('If you provide a logo image, we will by default not show your organization name '
 'in the page header. We will show your logo with a maximal height of 120 pixels.')
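Review bot: Removing `".svg"` from `ext_whitelist` on `logo_image` only constrains new uploads through this form; nothing in the visible lines deals with logos that were already stored as SVG, which would presumably still be served. The same holds for `organizer_logo_image` in organizer.py. A follow-up data migration, or a render-time check that refuses a stored logo whose name ends in `.svg`, would close that gap. Judging by the parameter name the field filters on the file-name extension only, so it is also worth confirming that logos are served with a content type derived from the validated extension and with `X-Content-Type-Options: nosniff`. The `ExtFileField(...)` call continues past the end of the hunk.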
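Review bot: The tuple passed as `ext_whitelist` to `organizer_logo_image` is a second literal copy of the one on `logo_image` in event.py, so a later edit can restore a risky type in one form and miss the other. A single shared constant, e.g. `LOGO_EXTENSIONS = (".png", ".jpg", ".gif", ".jpeg")`, used by both fields would keep them in step. It should carry a comment recording the reason, such as `# SVG is deliberately excluded: it can embed script that runs in the site's origin when the logo is served`, so the extension is not re-added as a convenience. Where such a constant should live is not visible from this patch.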