Opened 9 years ago

Closed 6 years ago

Last modified 6 years ago

#21548 closed New feature (fixed)

Add the ability to limit file extensions for ImageField and FileField

Reported by: Tim Graham Owned by: Berker Peksag
Component: Forms Version: dev
Severity: Normal Keywords:
Cc: anubhav9042@…, berker.peksag@… Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


ImageField/FileField could have an optional extension whitelist. This could default to being empty for both fields to be totally backwards compatible, or could have sensible defaults for the ImageField based on the file types supported by PIL/low. The documentation should warn that you should not rely on file extensions to determine the actual content type of files.

There are probably some existing implementations we could borrow from, for example:

Change History (11)

comment:1 Changed 8 years ago by Jason Filipe

Owner: changed from nobody to Jason Filipe
Status: newassigned

comment:2 Changed 8 years ago by Jason Filipe

I have a work in progress PR here:

Wanted to get some feedback on the approach before I added some docs.

comment:3 Changed 8 years ago by Jason Filipe

Has patch: set

comment:4 Changed 8 years ago by Tim Graham

Needs documentation: set
Patch needs improvement: set

Hi, I left a comment for improvement on the PR, although it's better to open a PR against Django itself instead of your fork.

comment:5 Changed 8 years ago by ANUBHAV JOSHI

The patch looks good but the validator must be like others as Tim suggested on your PR.
Also adding it to ImageField by default sounds good. I hope we can fix #18543 with it.

comment:6 Changed 8 years ago by ANUBHAV JOSHI

Cc: anubhav9042@… added

comment:7 Changed 6 years ago by Berker Peksag

Cc: berker.peksag@… added
Needs documentation: unset
Owner: changed from Jason Filipe to Berker Peksag
Patch needs improvement: unset

Pull request:


  • Added two validators: FileExtensionValidator and validate_image_file (this one uses FileExtensionValidator with default values from PIL.Image.EXTENSION).
  • Added validate_image_file to ImageField as a default validator.
  • Added tests for FileExtensionValidator, model and form validations.
  • Added documentation and release notes. I probably need to add some note for ImageField docs too.

comment:8 Changed 6 years ago by Tim Graham

Patch needs improvement: set

Left some comments for improvement.

comment:9 Changed 6 years ago by Tim Graham

Patch needs improvement: unset
Triage Stage: AcceptedReady for checkin

comment:10 Changed 6 years ago by Tim Graham <timograham@…>

Resolution: fixed
Status: assignedclosed

In 12b4280:

Fixed #21548 -- Added FileExtensionValidator and validate_image_file_extension.

comment:11 Changed 6 years ago by Baptiste Mispelon <bmispelon@…>

In a9215b7c:

Refs #21548 -- Skipped tests that rely on pillow when it's not installed

Note: See TracTickets for help on using tickets.
Back to Top