[SECURITY] Do not allow Pillow to parse EPS files

2023-09-11 18:57:08 +02:00
parent b16680e0e5
commit 7545e92373
13 changed files with 60 additions and 27 deletions
--- a/src/pretix/control/forms/organizer.py
+++ b/src/pretix/control/forms/organizer.py
@@ -420,7 +420,7 @@ class OrganizerSettingsForm(SettingsForm):

    organizer_logo_image = ExtFileField(
        label=_('Header image'),
-        ext_whitelist=(".png", ".jpg", ".gif", ".jpeg"),
+        ext_whitelist=settings.FILE_UPLOAD_EXTENSIONS_IMAGE,
        max_size=settings.FILE_UPLOAD_MAX_SIZE_IMAGE,
        required=False,
        help_text=_('If you provide a logo image, we will by default not show your organization name '
@@ -430,7 +430,7 @@ class OrganizerSettingsForm(SettingsForm):
    )
    favicon = ExtFileField(
        label=_('Favicon'),
-        ext_whitelist=(".ico", ".png", ".jpg", ".gif", ".jpeg"),
+        ext_whitelist=settings.FILE_UPLOAD_EXTENSIONS_FAVICON,
        required=False,
        max_size=settings.FILE_UPLOAD_MAX_SIZE_FAVICON,
        help_text=_('If you provide a favicon, we will show it instead of the default pretix icon. '