[openstreetmap/openstreetmap-website] Upload profile picture with standard image formats (#3097)
Tom Hughes
notifications at github.com
Tue Feb 16 08:41:10 UTC 2021
Do you have any evidence that this is creating a security hole? That we're somehow handling those files in a way that is impacting security?
At the very least there are obvious extensions like BMP, TIFF and SVG missing, all of which I am pretty sure that people are using.
Better would be to ask the storage pipeline if it is able to handle the file as an image.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/3097#issuecomment-779678313
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210216/e1186d4a/attachment.htm>
More information about the rails-dev
mailing list