From a7ec475c40564407fddaa03e86b96db3bd4e951b Mon Sep 17 00:00:00 2001
From: Raphael Michel
Date: Sun, 20 Aug 2017 15:35:00 +0200
Subject: [PATCH] [SECURITY] Do not allow SVG files for logos
---
 src/pretix/control/forms/event.py | 2 +-
 src/pretix/control/forms/organizer.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/pretix/control/forms/event.py b/src/pretix/control/forms/event.py
index 0b11c7a94..50983749f 100644
--- a/src/pretix/control/forms/event.py
+++ b/src/pretix/control/forms/event.py
@@ -612,7 +612,7 @@ class DisplaySettingsForm(SettingsForm):
 )
 logo_image = ExtFileField(
 label=_('Logo image'),
- ext_whitelist=(".png", ".jpg", ".svg", ".gif", ".jpeg"),
+ ext_whitelist=(".png", ".jpg", ".gif", ".jpeg"),
 required=False,
 help_text=_('If you provide a logo image, we will by default not show your events name and date '
 'in the page header. We will show your logo with a maximal height of 120 pixels.')
diff --git a/src/pretix/control/forms/organizer.py b/src/pretix/control/forms/organizer.py
index 6549b60e1..b80d7ed62 100644
--- a/src/pretix/control/forms/organizer.py
+++ b/src/pretix/control/forms/organizer.py
@@ -121,7 +121,7 @@ class OrganizerSettingsForm(SettingsForm):
 organizer_logo_image = ExtFileField(
 label=_('Logo image'),
- ext_whitelist=(".png", ".jpg", ".svg", ".gif", ".jpeg"),
+ ext_whitelist=(".png", ".jpg", ".gif", ".jpeg"),
 required=False,
 help_text=_('If you provide a logo image, we will by default not show your organization name '
 'in the page header. We will show your logo with a maximal height of 120 pixels.')
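Review bot: Narrowing `ext_whitelist` on `logo_image` only blocks new uploads through this form, so logos already stored as `.svg` are untouched by the patch and would presumably keep being served; a follow-up that finds and clears or re-validates existing SVG logo settings looks necessary. The same applies to `organizer_logo_image` in organizer.py. As far as these hunks show, the filter is keyed on the file name, and `ExtFileField` itself is not visible here, so it is worth confirming that a renamed SVG is also rejected or at least served with a fixed image content type. Because the tuple is duplicated in both forms with nothing explaining the omission, I would add `# no ".svg": SVG can embed script and logos are shown to every visitor` above each `ext_whitelist=` line, or move the tuple into one shared constant carrying that comment. Both form classes begin and end outside the hunks.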