[openstreetmap/openstreetmap-website] Upload profile picture with standard image formats (#3097)

Tom Hughes notifications at github.com
Tue Feb 16 08:41:10 UTC 2021


Do you have any evidence that this is creating a security hole? That we're somehow handling those files in a way that  is impacting security?

At the very least there are obvious extensions like BMP, TIFF and SVG missing, all of which I am pretty sure that people are using.

Better would be to ask the storage pipeline if it is able to handle the file as an image.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/3097#issuecomment-779678313
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210216/e1186d4a/attachment.htm>


More information about the rails-dev mailing list