diff options
| author | Jessica Tallon <jessica@megworld.co.uk> | 2014-07-28 23:36:39 +0100 |
|---|---|---|
| committer | Jessica Tallon <jessica@megworld.co.uk> | 2014-07-30 21:53:52 +0100 |
| commit | 5e5d445890c6c555dff48b1613c285da983d71c8 (patch) | |
| tree | 6c04e0e8f2d455c3ebae77d3b6c65939dc388025 /mediagoblin/db | |
| parent | 138d934f014d2c9c54e247298318832e88dceadb (diff) | |
| download | mediagoblin-5e5d445890c6c555dff48b1613c285da983d71c8.tar.lz mediagoblin-5e5d445890c6c555dff48b1613c285da983d71c8.tar.xz mediagoblin-5e5d445890c6c555dff48b1613c285da983d71c8.zip | |
Fix #927 - Clean up federation code after Elrond's review
- Add json_error and use inplace of json_response where appropriate.
- Add garbage_collection to config spec file.
- Fix bugs in both garbage collection task and test
- Handle /api/whoami when no user logged in and a test for such a case.
- Validate ID is correct and user has comment privilege to comment.
Diffstat (limited to 'mediagoblin/db')
| -rw-r--r-- | mediagoblin/db/models.py | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/mediagoblin/db/models.py b/mediagoblin/db/models.py index c6424e71..b3f7e23d 100644 --- a/mediagoblin/db/models.py +++ b/mediagoblin/db/models.py @@ -683,8 +683,18 @@ class MediaComment(Base, MediaCommentMixin): # Validate inReplyTo has ID if "id" not in data["inReplyTo"]: return False + + # Validate that the ID is correct + try: + media_id = int(data["inReplyTo"]["id"]) + except ValueError: + return False + + media = MediaEntry.query.filter_by(id=media_id).first() + if media is None: + return False - self.media_entry = data["inReplyTo"]["id"] + self.media_entry = media.id self.content = data["content"] return True |