From: Magnus Hagander Date: Thu, 2 Nov 2017 08:10:27 +0000 (+0100) Subject: Validate uploaded slides using magic library X-Git-Url: http://git.postgresql.org/gitweb/static/session/%7B%7Bsession.id%7D%7D-%7B%7Bsession.title%7Cslugify%7D%7D?a=commitdiff_plain;h=83d61a8c88c302be14b71166671ee65de2c21f86;p=pgeu-website.git Validate uploaded slides using magic library Instead of relying on the browser supplied MIME-code, validate the uploaded slides are PDF format by using the magic library. --- diff --git a/postgresqleu/confreg/forms.py b/postgresqleu/confreg/forms.py index 1d187f4..fa9540c 100644 --- a/postgresqleu/confreg/forms.py +++ b/postgresqleu/confreg/forms.py @@ -20,6 +20,13 @@ from postgresqleu.countries.models import Country from datetime import datetime, date import requests +import magic + + +# Globally load and cache the magicdb +magicdb = magic.open(magic.MIME) +magicdb.load() + class ConferenceRegistrationForm(forms.ModelForm): additionaloptions = forms.ModelMultipleChoiceField(widget=forms.CheckboxSelectMultiple, @@ -417,8 +424,10 @@ class SessionSlidesFileForm(forms.Form): if not self.cleaned_data.has_key('f') or not self.cleaned_data['f']: return f = self.cleaned_data['f'] - if f.content_type != 'application/pdf': - raise ValidationError("Uploaded files must be mime type PDF only, not %s" % f.content_type) + mtype = magicdb.buffer(f.read()) + if not mtype.startswith('application/pdf'): + raise ValidationError("Uploaded files must be mime type PDF only, not %s" % mtype) + f.seek(0) if not f.name.endswith('.pdf'): raise ValidationError("Uploaded files must have a filename ending in PDF") return f