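    from django.db.models import BigIntegerField, Model
    from django.utils.translation import gettext_lazy as _
    from django_resized import ResizedImageField

    # MEDIA_ROOT: the project's absolute media directory, taken from its settings


    class UserProfilePhoto(Model):
        photo = ResizedImageField(size=[128, 128], upload_to=MEDIA_ROOT)
        photo_hash = BigIntegerField(
            blank=True,
            null=True,
            help_text=_("an integer representation of the hexdigest hash of the photo"),
        )

        def __str__(self):
            return f"{self.photo.name} ({self.photo_hash})"
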
I used to have a save() operation in the model, which would do the resizing, but now I'm using Django-resized because, after all that figuring out how to resize the photo and generate a hash value, it turns out there is a module to do it already.
I'm adding a picture to the userprofilephoto in the admin.

    SuspiciousFileOperation at /admin/userprofile/userprofilephoto/add/
    Detected path traversal attempt in '/app/mine/media/mendlebrot-lawn.jpeg'

How do you turn off the error or the validation?
To answer some questions in advance:
No. I'm not going to go back to ImageField(). It gave me the same problem with lots more code.

The upload_to argument is intended to specify a subdirectory or callable to determine where uploaded files should be stored relative to the MEDIA_ROOT, not an absolute path like you're currently using.

The issue is that MEDIA_ROOT is an absolute path pointing to the root of your media files, but upload_to is meant to handle a subpath within MEDIA_ROOT. Using the absolute path in upload_to may be interpreted as a path traversal attempt.

You should update upload_to to specify a relative directory within MEDIA_ROOT rather than using the absolute MEDIA_ROOT directly.

    class UserProfilePhoto(Model):
        ...
        photo = ResizedImageField(size=[128, 128],
                                  upload_to="user_photos/")
        ...

Here the upload_to="user_photos/" tells Django to store uploaded images in a subdirectory called user_photos under the MEDIA_ROOT directory.
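
The check this answer describes can be reproduced with the standard library alone. The following is an added example, not code from the post or from Django: SuspiciousPath, build_upload_name, relative_upload_dir and is_accepted are hypothetical names, and the rule applied (reject absolute paths and ".." components after joining upload_to with the file name) is an assumption modelled on the error message in the question.

```python
import posixpath
from pathlib import PurePosixPath


class SuspiciousPath(Exception):
    """Stand-in for Django's SuspiciousFileOperation (hypothetical name)."""


def build_upload_name(upload_to, filename):
    """Join upload_to and filename; reject anything that can leave the media root."""
    name = posixpath.join(upload_to, filename)
    if posixpath.basename(name) in {"", ".", ".."}:
        raise SuspiciousPath(f"Could not derive file name from '{name}'")
    path = PurePosixPath(name)
    # An absolute path ignores the storage root; '..' climbs out of it.
    if path.is_absolute() or ".." in path.parts:
        raise SuspiciousPath(f"Detected path traversal attempt in '{name}'")
    return name


def relative_upload_dir(media_root, directory):
    """Convert a directory under media_root into a value usable as upload_to."""
    root, target = PurePosixPath(media_root), PurePosixPath(directory)
    if not target.is_absolute():
        return str(target)
    # relative_to() raises ValueError when target is outside media_root.
    return str(target.relative_to(root))


def is_accepted(upload_to, filename):
    """True if the upload_to/filename pair passes the check."""
    try:
        build_upload_name(upload_to, filename)
        return True
    except SuspiciousPath:
        return False


# Constructed sample values; the media root matches the path in the error above.
MEDIA_ROOT = "/app/mine/media"
PHOTO = "mendlebrot-lawn.jpeg"

if __name__ == "__main__":
    for upload_to in (MEDIA_ROOT, "user_photos/", "../outside"):
        verdict = "accepted" if is_accepted(upload_to, PHOTO) else "rejected"
        print(f"{upload_to!r}: {verdict}")
```

The rejection is independent of whether the absolute path happens to equal MEDIA_ROOT: any absolute upload_to fails, which is why the fix is a relative subdirectory or a callable returning one.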