[SECURITY] Do not allow Pillow to parse EPS files

src/pretix/control/forms/__init__.py

@@ -127,7 +127,7 @@ class ClearableBasenameFileInput(forms.ClearableFileInput):
 
         @property
         def is_img(self):
-            return any(self.file.name.lower().endswith(e) for e in ('.jpg', '.jpeg', '.png', '.gif'))
+            return any(self.file.name.lower().endswith(e) for e in settings.FILE_UPLOAD_EXTENSIONS_IMAGE)
 
         def __str__(self):
             if hasattr(self.file, 'display_name'):

src/pretix/control/forms/organizer.py

@@ -420,7 +420,7 @@ class OrganizerSettingsForm(SettingsForm):
 
     organizer_logo_image = ExtFileField(
         label=_('Header image'),
-        ext_whitelist=(".png", ".jpg", ".gif", ".jpeg"),
+        ext_whitelist=settings.FILE_UPLOAD_EXTENSIONS_IMAGE,
         max_size=settings.FILE_UPLOAD_MAX_SIZE_IMAGE,
         required=False,
         help_text=_('If you provide a logo image, we will by default not show your organization name '
@@ -430,7 +430,7 @@ class OrganizerSettingsForm(SettingsForm):
     )
     favicon = ExtFileField(
         label=_('Favicon'),
-        ext_whitelist=(".ico", ".png", ".jpg", ".gif", ".jpeg"),
+        ext_whitelist=settings.FILE_UPLOAD_EXTENSIONS_FAVICON,
         required=False,
         max_size=settings.FILE_UPLOAD_MAX_SIZE_FAVICON,
         help_text=_('If you provide a favicon, we will show it instead of the default pretix icon. '