Securedrop: Image uploaded by journalist is always saved as a PNG file

Created on 21 Feb 2018  路  3Comments  路  Source: freedomofpress/securedrop

Bug

Description

Regardless of the type of image the journalist uploads (JPG, JPEG or PNG), the image securedrop/static/i/logo.png is always saved with a .png extension. This leads to image viewing applications not being able to read and display the file correctly.

Steps to Reproduce

As an Admin, navigate to 'Instance Configuration' in the journalist app, and upload a JPG/JPEG image as logo.

Open 'logo.png' in the directory securedrop/static/i/.

Expected Behavior

The image should be displayed without any errors.

Actual Behavior

screenshot from 2018-02-21 05-32-52

Comments

Tested using Gnome eog on Debian Stretch.

bug

All 3 comments

Good catch @aydwi - we should:

  1. disallow JPG, JPEG uploads (in the form) and
  2. note clearly in the text in the interface that only png is allowed.

Are you interested in creating a fix for this bug? :smile:

I just wrote a fix. It replaces .png with the correct file extension using Python Pillow.

I think that disallowing JPG/JPEG uploads will reduce the ease of usage. Many people won't have a logo available in PNG, and it will take additional effort for them to convert the image first. I can do it the way you suggested as well. Thoughts?

Excellent - converting JPG/JPEG uploads to PNG is even better.

Was this page helpful?
0 / 5 - 0 ratings