changeset 3003:e624550d5c24
plugin XEP-0054: reject image without MIME type if it's not PNG
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 14 Jul 2019 16:43:04 +0200 |
parents | 6acaa8244220 |
children | d86cddc1cd05 |
files | sat/plugins/plugin_xep_0054.py |
diffstat | 1 files changed, 14 insertions(+), 4 deletions(-) [+] |
--- a/sat/plugins/plugin_xep_0054.py Sun Jul 14 11:23:25 2019 +0200
+++ b/sat/plugins/plugin_xep_0054.py Sun Jul 14 16:43:04 2019 +0200
@@ -234,12 +234,13 @@
 try:
 mime_type = unicode(photo_elt.elements(NS_VCARD, "TYPE").next())
 except StopIteration:
- log.warning(u"no MIME type found, assuming image/png")
- mime_type = u"image/png"
+ mime_type = None
 else:
 if not mime_type:
- log.warning(u"empty MIME type, assuming image/png")
- mime_type = u"image/png"
+ # MIME type not know, we'll only support PNG files
+ # TODO: autodetection using e.g. "magic" module
+ # (https://pypi.org/project/python-magic/)
+ mime_type = None
 elif mime_type not in ("image/gif", "image/jpeg", "image/png"):
 if mime_type == "image/x-png":
 # XXX: this old MIME type is still used by some clients
@@ -270,6 +271,15 @@
 if not buf:
 log.warning(u"empty avatar for {jid}".format(jid=entity_jid.full()))
 raise Failure(exceptions.NotFound())
+ if mime_type is None:
+ log.warning(_(u"no MIME type found for {entity}'s avatar, assuming image/png")
+ .format(entity=entity_jid.full()))
+ if buf[:8] != b'\x89\x50\x4e\x47\x0d\x0a\x1a\x0a':
+ log.warning(u"this is not a PNG file, ignoring it")
+ raise Failure(exceptions.DataError())
+ else:
+ mime_type = u"image/png"
+ log.debug(_(u"Decoding binary"))
 decoded = b64decode(buf)
 del buf
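Review bot: The allowlist test `elif mime_type not in ("image/gif", "image/jpeg", "image/png")` validates only the `TYPE` string taken from the received vCard, so an avatar that declares one of those types is still accepted without its bytes being looked at. Only the `mime_type = None` path set up in this hunk gets a content check later in the commit. If the aim is to keep mislabelled payloads out, the declared type would be better treated as a hint and the signature check applied to every avatar. The new comment could state the actual rule and fix the "not know" typo, e.g. `# MIME type not known: only PNG, verified by file signature, is accepted`. The enclosing `try`/`else` block starts and ends outside the hunk.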
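Review bot: The signature test `if buf[:8] != b'\x89\x50\x4e\x47\x0d\x0a\x1a\x0a':` runs before `decoded = b64decode(buf)`, so `buf` appears to still hold the base64 text and its first eight characters can never equal the raw PNG magic bytes. If so, every avatar without a MIME type is refused with `DataError`, valid PNG files included. The check fails closed, but the PNG fallback described in the commit title would never succeed. Move the test after the decode and compare the decoded bytes, e.g. `if mime_type is None and decoded[:8] != b'\x89\x50\x4e\x47\x0d\x0a\x1a\x0a': raise Failure(exceptions.DataError())`, and set `mime_type = u"image/png"` only once that passes. The "assuming image/png" warning is also logged before the check, so it appears for data that is then rejected; the enclosing function starts and ends outside the hunk.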