From 63dd4f53220fa7a1962d69f1ea17ab03438bfd2a Mon Sep 17 00:00:00 2001
From: Russell Keith-Magee <russell@keith-magee.com>
Date: Fri, 14 Sep 2007 07:18:27 +0000
Subject: [PATCH] Fixed #3848 -- Added more comprehensive checks to ImageField
 validation, checking for image truncation or corruption. Thanks to Andrew C
 <andrewc-djangotrac1@piffle.org> for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6175 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/core/validators.py | 13 +++++++++----
 django/newforms/fields.py | 13 +++++++++----
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/django/core/validators.py b/django/core/validators.py
index fd28ba4ef8..7611aef921 100644
--- a/django/core/validators.py
+++ b/django/core/validators.py
@@ -181,10 +181,15 @@ def isValidImage(field_data, all_data):
     except TypeError:
         raise ValidationError, _("No file was submitted. Check the encoding type on the form.")
     try:
-        Image.open(StringIO(content))
-    except (IOError, OverflowError): # Python Imaging Library doesn't recognize it as an image
-        # OverflowError is due to a bug in PIL with Python 2.4+ which can cause 
-        # it to gag on OLE files. 
+        # load() is the only method that can spot a truncated JPEG,
+        #  but it cannot be called sanely after verify()
+        trial_image = Image.open(StringIO(content))
+        trial_image.load()
+        # verify() is the only method that can spot a corrupt PNG,
+        #  but it must be called immediately after the constructor
+        trial_image = Image.open(StringIO(content))
+        trial_image.verify()
+    except Exception: # Python Imaging Library doesn't recognize it as an image
         raise ValidationError, _("Upload a valid image. The file you uploaded was either not an image or a corrupted image.")
 
 def isValidImageURL(field_data, all_data):
diff --git a/django/newforms/fields.py b/django/newforms/fields.py
index 522a4c9bf7..d83cb6cde2 100644
--- a/django/newforms/fields.py
+++ b/django/newforms/fields.py
@@ -393,10 +393,15 @@ class ImageField(FileField):
         from PIL import Image
         from cStringIO import StringIO
         try:
-            Image.open(StringIO(f.content))
-        except (IOError, OverflowError): # Python Imaging Library doesn't recognize it as an image
-            # OverflowError is due to a bug in PIL with Python 2.4+ which can cause 
-            # it to gag on OLE files. 
+            # load() is the only method that can spot a truncated JPEG,
+            #  but it cannot be called sanely after verify()
+            trial_image = Image.open(StringIO(f.content))
+            trial_image.load()
+            # verify() is the only method that can spot a corrupt PNG,
+            #  but it must be called immediately after the constructor
+            trial_image = Image.open(StringIO(f.content))
+            trial_image.verify()
+        except Exception: # Python Imaging Library doesn't recognize it as an image
             raise ValidationError(ugettext(u"Upload a valid image. The file you uploaded was either not an image or a corrupted image."))
         return f