Validate uploaded album archives with libmagic

f141ad7b · Tom van Bussel · d30ccd62 · f141ad7b · f141ad7b
Commit f141ad7b authored Mar 09, 2017 by Tom van Bussel
--- a/requirements.txt
+++ b/requirements.txt
@@ -12,3 +12,4 @@ djangorestframework>=3.5.3,<3.6
 django-ical>=1.4,<2
 django-libsass>=0.7,<1
 django-cors-headers>=2.0.0,<2.1
+python-magic>=0.4.13,<0.5
--- a/website/photos/admin.py
+++ b/website/photos/admin.py
+import magic
 import os
 import tarfile
 from zipfile import ZipFile, is_zipfile, ZipInfo
@@ -14,7 +15,7 @@ from .models import Album, Photo

 def validate_uploaded_archive(uploaded_file):
    types = ['application/gzip', 'application/zip']
-    if uploaded_file.content_type not in types:
+    if magic.from_buffer(uploaded_file.read(), mime=True) not in types:
        raise ValidationError("Only zip and tar files are allowed.")