Fix #374: Strip EXIF metadata from uploaded avatars to avoid leaking private data

Eliot Berriot 2019-01-02 12:39:00 +01:00
commit a7d7756545
No known key found for this signature in database
GPG key ID: DD6965E2476E5C27
5 changed files with 54 additions and 2 deletions


@ -11,7 +11,7 @@ from rest_framework import serializers
from versatileimagefield.serializers import VersatileImageFieldSerializer
from funkwhale_api.activity import serializers as activity_serializers
from funkwhale_api.common import serializers as common_serializers
from . import models
@ -66,7 +66,13 @@ class UserActivitySerializer(activity_serializers.ModelSerializer):
return "Person"
avatar_field = VersatileImageFieldSerializer(allow_null=True, sizes="square")
class AvatarField(
common_serializers.StripExifImageField, VersatileImageFieldSerializer
):
pass
avatar_field = AvatarField(allow_null=True, sizes="square")
class UserBasicSerializer(serializers.ModelSerializer):
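Review bot: `AvatarField` has a bare `pass` body, and nothing records that the order of its bases is load-bearing. `common_serializers.StripExifImageField` has to stay ahead of `VersatileImageFieldSerializer` in the MRO for its override to be the one that handles the upload. I would replace `pass` with a docstring such as `"""Avatar upload field. StripExifImageField must remain the first base so EXIF stripping is applied to every uploaded avatar."""`. `StripExifImageField` itself is defined outside this section, so whether it chains to the next base with `super()` should be confirmed there. A serializer-level fix also only covers avatars submitted through this field from now on; files stored before this change presumably keep their metadata unless another part of the commit re-processes them.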