"Like FileField, but validates that the uploaded object is a valid
image. Has two extra optional arguments:"
http://docs.djangoproject.com/en/dev/ref/models/fields/#imagefield
I went cruising the source to try and work out what tests are
implemented to define "a valid image" but didn't get much
satisfaction. There seemed to be a fair bit of talk about dimensions
but nothing about much else. I was thinking/hoping to find something
which inspected the binary stream to ensure the .jpg/.gif/.png/.bmp
fit its applicable formats.
Question is "What is the definition of a 'valid image'" in this
context?"
and, optionally, where is the source code for that?
t.i.a.
On Mar 15, 7:56 pm, john2095 <john...@pobox.com> wrote:
> Question is "What is the definition of a 'valid image'" in this
> context?"
> and, optionally, where is the source code for that?
My understanding from what I've read is that most of the heavy lifting
for image handling is done by PIL (Python Imaging Library) <
http://www.pythonware.com/products/pil/ >.
I've been getting into using virtualenv and as part of that I've been
doing some PIL easy_installs. One PIL install was built with the jpeg
library and when I tried uploading a jpeg image file, all went well.
Another PIL was built without the jpeg library and when I tried to
upload a jpeg image file, Django complained that the image wasn't in a
recognized format.
So, I assume Django is passing the file to PIL and asking if the file
is in a format that PIL can deal with and is in a valid format.
The PIL documentation may be able to clarify how it validates images.
Toodle-loooooooo............
creecode
My question is about the assumption...
As far as I can find, it actually only uses PIL to read the file and
return the dimensions. The code looks like if PIL throws an error
because it can't parse the file then the error will be ignored. I'll
have to rig up a test to see what really happens here. See:
http://code.djangoproject.com/browser/django/trunk/django/core/files/images.py#L35
I can't find another usage. At this point, I suspect that if any
errors pop up they are the side-effect of trying to establish the
dimensions and not any specific attempt to validate the image against
a set of criteria.
For those who missed it my question it was:
What constitutes a 'valid' image?
The documentation states "ImageField... Like FileField, but validates
that the uploaded object is a valid image."
Maybe I should post this on the developers list? Would that upset
them?
most of them read this list
--
regards
Kenneth Gonsalves
Senior Associate
NRC-FOSS
http://certificate.nrcfoss.au-kbc.org.in
I haven't read through the code, but the error must be caught
somewhere because I just tested it out.
Trying to upload in the admin a random file with a png extension
throws a ValidationError:
"Upload a valid image. The file you uploaded was either not an image
or a corrupted image."
My guess is just that if PIL can open it, its an image, if not, it
throws the error.
Peter
Maybe I should post this on the developers list?
trial_image = Image.open(file)
trial_image.verify()
See: http://www.pythonware.com/library/pil/handbook/image.htm
On Mar 17, 11:54 pm, Karen Tracey <kmtra...@gmail.com> wrote:
>
> Validation of image fields is done at the form field level, see:
>
> http://code.djangoproject.com/browser/django/trunk/django/forms/field...
>
> Karen
I've got this in my model:
class Photo(models.Model):
image = models.ImageField(upload_to='photos')
and this in my view:
try:
p = Photo()
p.image = request.FILES['Filedata']
p.save()
return HttpResponse('OK')
...
Yet if I do this:
curl -F Filedata=@nasty.exe http://mysite/photo/upload/
It seems quite happy to save the .exe
Can someone please confirm the same test result? I wouldn't like to
say "security advisory" prematurely.
Thanks.
Models don't have validation, forms have validation. If it passed
through a forms.ImageField it would get rejected as invalid.
Cheers
Tom
Just for anyone who stumbles over this thread and wants to know how it
ends...
In this application I'm not using a form (uploadify is a flash-based
file sender) but I can still take advantage of the django.forms
validation routines by invoking ImageField without a form. This seems
to work:
def upload(request):
from django.forms import ImageField, ValidationError
try:
photo = ImageField().clean(request.FILES['Filedata'])
except ValidationError:
return HttpResponse("I don't think that's an image.")
On Mar 22, 9:04 pm, Tom Evans <tevans...@googlemail.com> wrote:
> On Mon, Mar 22, 2010 at 6:51 AM, john2095 <john...@pobox.com> wrote:
> > But does this all amount to an expectation that it will restrict the
> > upload to an image??
>
> > I've got this in my model:
>
> > class Photo(models.Model):
> > image = models.ImageField(upload_to='photos')
>
> > and this in my view:
> > try:
> > p = Photo()
> > p.image = request.FILES['Filedata']
> > p.save()
> > return HttpResponse('OK')
> > ...
>
> > Yet if I do this:
>
> > curl -F Fileda...@nasty.exehttp://mysite/photo/upload/