CGM_Public/pretix_cgo
1
0
Fork 0
forked from CGM_Public/pretix_original
Code Pull Requests Actions Activity

[SECURITY] Do not allow Pillow to parse EPS files

Browse Source
This commit is contained in:
Raphael Michel
2023-09-11 18:57:08 +02:00
parent b16680e0e5
commit 7545e92373
13 changed files with 60 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/pretix/base/models/orders.py
View File

@@ -1264,7 +1264,7 @@ class QuestionAnswer(models.Model):
@property
def is_image(self):
return any(self.file.name.lower().endswith(e) for e in ('.jpg', '.png', '.gif', '.tiff', '.bmp', '.jpeg'))
return any(self.file.name.lower().endswith(e) for e in settings.FILE_UPLOAD_EXTENSIONS_QUESTION_IMAGE)
@property
def file_name(self):