Uploading Images and PIL
Take Satoh
stksee at yahoo.co.jp
Mon Aug 7 20:24:17 EDT 2000
Hello,
I recently developed a simple cgi to
handle file (image) upload with PIL (Python Imaging Library).
It really works fine, PIL is a nice work!
And now I have a question.
My cgi program deals with uploaded data as follows, and
I am wondering whether
there is any possibility that some commands may run on
the server when malicious clients upload unexpected data.
I think some image formats may contain script inside
and some might be executed when "Image.open()" is called.
Is the above correct? And is it safe to disclose the following code to the public?
---------------
import Image, cgi
# .....
u_file = cgi.FieldStorage()["fieldname"]  # uploaded form field
im = Image.open(u_file.file)              # parse the client-supplied bytes
im = im.resize((150, 120))
im.save("filename")                       # write the resized image
----------------
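
A pre-decode check that could run on the uploaded bytes before they are handed to `Image.open()`, as an added example that is not part of the original post. It uses only the standard library and covers PNG and GIF headers only; the limits and the names `MAX_BYTES`, `MAX_PIXELS`, `RejectedUpload` and `precheck_upload` are assumptions, and the sample inputs are constructed.

```python
import io
import struct
import uuid

MAX_BYTES = 2 * 1024 * 1024   # assumed upload size limit
MAX_PIXELS = 4096 * 4096      # assumed limit on declared width * height

class RejectedUpload(ValueError):
    """Raised when an upload fails a pre-decode check."""

def read_capped(fileobj, limit=MAX_BYTES):
    """Read at most `limit` bytes; reject anything larger."""
    data = fileobj.read(limit + 1)
    if len(data) > limit:
        raise RejectedUpload("upload exceeds size limit")
    return data

def sniff_dimensions(data):
    """Return (format, width, height) read from a PNG or GIF header."""
    if len(data) >= 24 and data[:8] == b"\x89PNG\r\n\x1a\n" and data[12:16] == b"IHDR":
        width, height = struct.unpack(">II", data[16:24])
        return "PNG", width, height
    if len(data) >= 10 and data[:6] in (b"GIF87a", b"GIF89a"):
        width, height = struct.unpack("<HH", data[6:10])
        return "GIF", width, height
    raise RejectedUpload("not an allowed image format")

def precheck_upload(fileobj):
    """Validate an upload; return (format, bytes, server-chosen filename)."""
    data = read_capped(fileobj)
    fmt, width, height = sniff_dimensions(data)
    if width == 0 or height == 0 or width * height > MAX_PIXELS:
        raise RejectedUpload("declared dimensions out of range")
    # The stored name is generated here, never taken from the client.
    name = uuid.uuid4().hex + "." + fmt.lower()
    return fmt, data, name

# Constructed sample inputs (headers only, not complete images).
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + struct.pack(">I4sII", 13, b"IHDR", 640, 480) + b"\x08\x02\x00\x00\x00"
SAMPLE_BOMB = b"GIF89a" + struct.pack("<HH", 65535, 65535)
SAMPLE_SCRIPT = b"#!/bin/sh\necho constructed non-image upload\n"

if __name__ == "__main__":
    for sample in (SAMPLE_PNG, SAMPLE_BOMB, SAMPLE_SCRIPT):
        try:
            print("accepted:", precheck_upload(io.BytesIO(sample))[::2])
        except RejectedUpload as exc:
            print("rejected:", exc)
```

The dimensions checked here are only what the header declares, so the imaging library still parses untrusted bytes after this step and its own limits and error handling remain necessary.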