From 3b617946e0ec05cdb251b8fca7692263fc075f5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jes=C3=BAs=20Espino?= <jespinog@gmail.com>
Date: Tue, 28 Mar 2017 15:52:58 +0200
Subject: [PATCH] Limit the svg generation by detecting svg by content

---
 requirements.txt               |  1 +
 taiga/base/utils/thumbnails.py | 13 ++++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 8877887d..493f2e46 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -37,6 +37,7 @@ netaddr==0.7.19
 serpy==0.1.1
 psd-tools==1.4
 CairoSVG==2.0.1
+python-magic==0.4.13
 cryptography==1.7.1
 PyJWT==1.4.2
 asana==0.6.2
diff --git a/taiga/base/utils/thumbnails.py b/taiga/base/utils/thumbnails.py
index 04e1110e..f5d23628 100644
--- a/taiga/base/utils/thumbnails.py
+++ b/taiga/base/utils/thumbnails.py
@@ -33,17 +33,20 @@ from io import BytesIO
 # SVG thumbnail generator
 try:
     from cairosvg.surface import PNGSurface
+    import magic
 
-    def _accept(prefix):
-        return "svg" in str(prefix.lower())
+    def svg_image_factory(fp, filename):
+        mime_type = magic.from_buffer(fp.read(1024), mime=True)
+        if mime_type != "image/svg+xml":
+            raise TypeError
 
-    def svg_image_factory(data, *args):
-        png_data = PNGSurface.convert(data.read())
+        fp.seek(0)
+        png_data = PNGSurface.convert(fp.read())
         return PngImageFile(BytesIO(png_data))
 
     Image.register_mime("SVG", "image/svg+xml")
     Image.register_extension("SVG", ".svg")
-    Image.register_open("SVG", svg_image_factory, _accept)
+    Image.register_open("SVG", svg_image_factory)
 except Exception:
     pass