Open heppstux opened 4 months ago
If set up with easy_thumbnails.optimize, generating any thumbnails will throw:
Detected path traversal attempt in '/Users/[redacted]/media/filer_public_thumbnails/filer_public/b8/0c/b80ca369-7e6f-41fd-8abe-9275a921bdaa/fullsizerender.jpeg__210x119_q85_subsampling-2_upscale.jpg'
The exception is thrown in optimize/post_processor.py while attempting to call storage.save with an absolute file name.
This is prevented by Django in order to fix CVE-2024-39330.
I'm a bit unsure if this is an issue for easy_thumbnails or rather Django.
Pull request in: https://github.com/SmileyChris/easy-thumbnails/pull/634
If I'm not missing something, the storage save/delete methods should receive a name, not a path.
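The name-versus-path distinction from the comment above, as an added example (not code from easy-thumbnails, Django or the pull request). `validate_name` is a simplified stand-in for the check that raises the error in this issue, `storage_name` is a hypothetical helper that derives a storage-relative name from an absolute path, and `MEDIA_ROOT` and the sample paths are constructed.

```python
import posixpath
from pathlib import PurePosixPath

MEDIA_ROOT = "/srv/media"  # constructed storage location, assumption


class SuspiciousFileOperation(Exception):
    """Stand-in for django.core.exceptions.SuspiciousFileOperation."""


def validate_name(name):
    # Simplified stand-in for the storage-side check: a name passed to
    # storage.save must be relative and must not contain ".." segments.
    path = PurePosixPath(str(name).replace("\\", "/"))
    if path.is_absolute() or ".." in path.parts:
        raise SuspiciousFileOperation(
            "Detected path traversal attempt in '%s'" % name)
    return str(path)


def storage_name(abs_path, location=MEDIA_ROOT):
    """Hypothetical helper: absolute path under `location` -> storage name."""
    root = PurePosixPath(posixpath.normpath(location))
    target = PurePosixPath(posixpath.normpath(abs_path))
    try:
        rel = target.relative_to(root)
    except ValueError:
        # After normalisation the path lies outside the storage root.
        raise SuspiciousFileOperation(
            "'%s' is outside storage location '%s'" % (abs_path, location))
    if not rel.parts:
        raise SuspiciousFileOperation("'%s' is the storage root" % abs_path)
    return validate_name(rel)


def is_rejected(func, *args):
    """Return True when func(*args) raises SuspiciousFileOperation."""
    try:
        func(*args)
    except SuspiciousFileOperation:
        return True
    return False


if __name__ == "__main__":
    thumb = MEDIA_ROOT + "/filer_public_thumbnails/b8/0c/img.jpeg__210x119_q85.jpg"
    print("absolute path rejected:", is_rejected(validate_name, thumb))
    print("name passed to save   :", storage_name(thumb))
```
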