From 43e052ebd587cd9a183aed6bb3557f459eec8b71 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Dlouh=C3=BD?= <petr.dlouhy@email.cz>
Date: Wed, 22 Feb 2023 12:39:28 -0600
Subject: [PATCH] check if image is not corrupted during upload (#218)

---
 avatar/forms.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/avatar/forms.py b/avatar/forms.py
index 745bae3..27ffd5e 100644
--- a/avatar/forms.py
+++ b/avatar/forms.py
@@ -5,6 +5,7 @@ from django.forms import widgets
 from django.template.defaultfilters import filesizeformat
 from django.utils.safestring import mark_safe
 from django.utils.translation import gettext_lazy as _
+from PIL import Image, ImageOps
 
 from avatar.conf import settings
 from avatar.models import Avatar
@@ -82,6 +83,12 @@ class UploadAvatarForm(forms.Form):
                 }
             )
 
+        try:
+            image = Image.open(data)
+            ImageOps.exif_transpose(image)
+        except TypeError:
+            raise forms.ValidationError(_("Corrupted image"))
+
         count = Avatar.objects.filter(user=self.user).count()
         if 1 < settings.AVATAR_MAX_AVATARS_PER_USER <= count:
             error = _(