#33965 closed Cleanup/optimization (fixed)
Improve docs for PIL validation of ImageField
Reported by: | Timothy Schilling | Owned by: | Alex Morega |
---|---|---|---|
Component: | Documentation | Version: | 4.1 |
Severity: | Normal | Keywords: | documentation imagefield |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The current docs indicate:
You may also provide any file-like object (e.g., StringIO or BytesIO) as a file handle. If you’re uploading to an ImageField, the object needs a name attribute that passes the validate_image_file_extension validator. For example:
from io import BytesIO img = BytesIO(b'mybinarydata') img.name = 'myimage.jpg'
However, this results in the invalid_image
error for ImageField
when PIL is installed. Some possible code to pass this validation is:
img = BytesIO() Image.new("RGB", (1, 1), "#FF0000").save(img, format='PNG') img.name = 'myimage.png' img.seek(0)
This creates the binary data that's actually an image which passes the underlying PIL.Image.verify()
call.
Change History (8)
comment:1 by , 2 years ago
comment:2 by , 2 years ago
Triage Stage: | Unreviewed → Accepted |
---|---|
Type: | Uncategorized → Cleanup/optimization |
Thanks for the ticket. Agreed, we should improve this example and use a real image in BytesIO()
. I'd prefer Alex's proposition, to avoid unnecessary distraction.
comment:4 by , 2 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
comment:7 by , 2 years ago
Is there any concern that users will be running random byte code? This on the face of it, looks like code that should not be blindly copied and pasted into a codebase because it's difficult to parse what the following actually is. Using PIL to generate an image is more declarative and explicit in what it's doing.
>>> img = BytesIO( ... b'GIF89a\x01\x00\x01\x00\x00\x00\x00!\xf9\x04\x01\x00\x00\x00' ... b'\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x01\x00\x00' ... )
comment:8 by , 2 years ago
This is a part of the testing tools docs, so I think we don't need to be so precaution 🤔.
FWIW, the call to
Image.new(...).save(...)
looks distracting to me, and makes the example hard to read. PIL can read the 35-byte GIF from this StackOverflow answer: https://stackoverflow.com/a/15960901. I think it works better as an example because it's just a blob of binary.