Commit 07202744 authored by Sébastiaan Versteeg's avatar Sébastiaan Versteeg
Browse files

Merge branch '390-404-in-foto-s-otf' into 'master'

Unquote thumbnail URL

Closes #390

See merge request !450
parents a9ddc595 47c1136b
......@@ -14,7 +14,8 @@ from .models import Album, Photo
def validate_uploaded_archive(uploaded_file):
types = ['application/gzip', 'application/zip']
types = ['application/gzip', 'application/zip',
'application/x-gzip']
if magic.from_buffer(uploaded_file.read(), mime=True) not in types:
raise ValidationError("Only zip and tar files are allowed.")
......
......@@ -19,6 +19,7 @@ def _private_thumbnails_unauthed(request, size_fit, original_path):
to the authentication requirements for thumbnails, e.g. when sharing
photo albums with external parties using access tokens.
"""
original_path = urlunquote(original_path)
thumbpath = os.path.join(settings.MEDIA_ROOT, 'thumbnails', size_fit)
path = os.path.normpath(os.path.join(thumbpath, original_path))
if not os.path.commonpath([thumbpath, path]) == thumbpath:
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment