diff options
| -rw-r--r-- | mediagoblin/decorators.py | 3 | ||||
| -rw-r--r-- | mediagoblin/edit/views.py | 12 | ||||
| -rw-r--r-- | mediagoblin/user_pages/views.py | 8 |
3 files changed, 21 insertions, 2 deletions
diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index daeddb3f..2b8343b8 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -268,8 +268,7 @@ def get_media_entry_by_id(controller): @wraps(controller) def wrapper(request, *args, **kwargs): media = MediaEntry.query.filter_by( - id=request.matchdict['media_id'], - state=u'processed').first() + id=request.matchdict['media_id']).first() # Still no media? Okay, 404. if not media: return render_404(request) diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index b15fb2e7..17aea922 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -55,6 +55,10 @@ import mimetypes @get_media_entry_by_id @require_active_login def edit_media(request, media): + # If media is not processed, return NotFound. + if not media.state == u'processed': + return render_404(request) + if not may_edit_media(request, media): raise Forbidden("User may not edit this media") @@ -115,6 +119,10 @@ UNSAFE_MIMETYPES = [ @get_media_entry_by_id @require_active_login def edit_attachments(request, media): + # If media is not processed, return NotFound. + if not media.state == u'processed': + return render_404(request) + if mg_globals.app_config['allow_attachments']: form = forms.EditAttachmentsForm() @@ -499,6 +507,10 @@ def change_email(request): @require_active_login @get_media_entry_by_id def edit_metadata(request, media): + # If media is not processed, return NotFound. + if not media.state == u'processed': + return render_404(request) + form = forms.EditMetaDataForm(request.form) if request.method == "POST" and form.validate(): metadata_dict = dict([(row['identifier'],row['value']) diff --git a/mediagoblin/user_pages/views.py b/mediagoblin/user_pages/views.py index 484d27cd..ab235695 100644 --- a/mediagoblin/user_pages/views.py +++ b/mediagoblin/user_pages/views.py @@ -180,6 +180,10 @@ def media_post_comment(request, media): if not request.method == 'POST': raise MethodNotAllowed() + # If media is not processed, return NotFound. + if not media.state == u'processed': + return render_404(request) + comment = request.db.TextComment() comment.actor = request.user.id comment.content = six.text_type(request.form['comment_content']) @@ -232,6 +236,10 @@ def media_preview_comment(request): def media_collect(request, media): """Add media to collection submission""" + # If media is not processed, return NotFound. + if not media.state == u'processed': + return render_404(request) + form = user_forms.MediaCollectForm(request.form) # A user's own collections: form.collection.query = Collection.query.filter_by( |