Commit f141ad7b authored by Tom van Bussel's avatar Tom van Bussel
Browse files

Validate uploaded album archives with libmagic

parent d30ccd62
......@@ -12,3 +12,4 @@ djangorestframework>=3.5.3,<3.6
django-ical>=1.4,<2
django-libsass>=0.7,<1
django-cors-headers>=2.0.0,<2.1
python-magic>=0.4.13,<0.5
import magic
import os
import tarfile
from zipfile import ZipFile, is_zipfile, ZipInfo
......@@ -14,7 +15,7 @@ from .models import Album, Photo
def validate_uploaded_archive(uploaded_file):
types = ['application/gzip', 'application/zip']
if uploaded_file.content_type not in types:
if magic.from_buffer(uploaded_file.read(), mime=True) not in types:
raise ValidationError("Only zip and tar files are allowed.")
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment