#30252: ImageField's to_python() stores reference to closed Image object
               Reporter:  Felix Dreissig        |          Owner:  nobody
                   Type:  Bug                   |         Status:  new
              Component:  File uploads/storage  |        Version:  2.1
               Severity:  Normal                |       Keywords:
           Triage Stage:  Unreviewed            |      Has patch:  0
    Needs documentation:  0                     |    Needs tests:  0
Patch needs improvement:  0                     |  Easy pickings:  0
                  UI/UX:  0                     |
 In django.forms.fields.ImageField's `to_python()` method, an uploaded
 image is validated by `open()`ing a PIL.Image object from it and calling
 `verify()` on that. Afterwards, the Image object is saved to an `image`
 attribute of the uploaded file (i.e. an InMemoryUploadedFile). According
 to a comment in the source, this happens so that "subclasses can reuse it
 for their own validation".

 Pillow closes an Image after `verify()`ing and the docs
 state] that it cannot be used after calling `verify` on it:

   If you need to load the image after using this method, you must reopen
 the image file.

 For me, this resulted in the following error when trying to explicitly
 call `save()` on the Image, but similar effects will probably happen for
 any operation:

   File ".../lib/python3.6/site-packages/PIL/Image.py", line 1960, in save
   File ".../lib/python3.6/site-packages/PIL/ImageFile.py", line 165, in
     seek = self.fp.seek
 AttributeError: 'NoneType' object has no attribute 'seek'

 This could be related to #13750, but I don't think so.

Ticket URL: <https://code.djangoproject.com/ticket/30252>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to