aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--mediagoblin/edit/views.py23
-rw-r--r--mediagoblin/storage/cloudfiles.py5
-rw-r--r--mediagoblin/user_pages/routing.py2
3 files changed, 16 insertions, 14 deletions
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 61b2cb82..2d42ff0b 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -106,9 +106,8 @@ def edit_attachments(request, media):
form = forms.EditAttachmentsForm()
# Add any attachements
- if ('attachment_file' in request.form
- and isinstance(request.form['attachment_file'], FieldStorage)
- and request.form['attachment_file'].file):
+ if 'attachment_file' in request.files \
+ and request.files['attachment_file']:
# Security measure to prevent attachments from being served as
# text/html, which will be parsed by web clients and pose an XSS
@@ -121,13 +120,13 @@ def edit_attachments(request, media):
# machine parsing the upload form, and not necessarily the machine
# serving the attachments.
if mimetypes.guess_type(
- request.form['attachment_file'].filename)[0] in \
+ request.files['attachment_file'].filename)[0] in \
UNSAFE_MIMETYPES:
public_filename = secure_filename('{0}.notsafe'.format(
- request.form['attachment_file'].filename))
+ request.files['attachment_file'].filename))
else:
public_filename = secure_filename(
- request.form['attachment_file'].filename)
+ request.files['attachment_file'].filename)
attachment_public_filepath \
= mg_globals.public_store.get_unique_filepath(
@@ -139,13 +138,13 @@ def edit_attachments(request, media):
try:
attachment_public_file.write(
- request.form['attachment_file'].file.read())
+ request.files['attachment_file'].stream.read())
finally:
- request.form['attachment_file'].file.close()
+ request.files['attachment_file'].stream.close()
media.attachment_files.append(dict(
name=request.form['attachment_name'] \
- or request.form['attachment_file'].filename,
+ or request.files['attachment_file'].filename,
filepath=attachment_public_filepath,
created=datetime.utcnow(),
))
@@ -156,7 +155,7 @@ def edit_attachments(request, media):
request, messages.SUCCESS,
"You added the attachment %s!" \
% (request.form['attachment_name']
- or request.form['attachment_file'].filename))
+ or request.files['attachment_file'].filename))
return exc.HTTPFound(
location=media.url_for_self(request.urlgen))
@@ -276,12 +275,12 @@ def edit_collection(request, collection):
# and userid.
slug_used = check_collection_slug_used(request.db, collection.creator,
request.form['slug'], collection.id)
-
+
# Make sure there isn't already a Collection with this title
existing_collection = request.db.Collection.find_one({
'creator': request.user._id,
'title':request.form['title']})
-
+
if existing_collection and existing_collection.id != collection.id:
messages.add_message(
request, messages.ERROR,
diff --git a/mediagoblin/storage/cloudfiles.py b/mediagoblin/storage/cloudfiles.py
index ced3beb3..1b5a6363 100644
--- a/mediagoblin/storage/cloudfiles.py
+++ b/mediagoblin/storage/cloudfiles.py
@@ -104,10 +104,13 @@ class CloudFilesStorage(StorageInterface):
mimetype = mimetypes.guess_type(
filepath[-1])
- if mimetype:
+ if mimetype[0]:
# Set the mimetype on the CloudFiles object
obj.content_type = mimetype[0]
obj.metadata = {'mime-type': mimetype[0]}
+ else:
+ obj.content_type = 'application/octet-stream'
+ obj.metadata = {'mime-type': 'application/octet-stream'}
return CloudFilesStorageObjectWrapper(obj, *args, **kwargs)
diff --git a/mediagoblin/user_pages/routing.py b/mediagoblin/user_pages/routing.py
index 35e1bd6e..8162e641 100644
--- a/mediagoblin/user_pages/routing.py
+++ b/mediagoblin/user_pages/routing.py
@@ -78,4 +78,4 @@ add_route('mediagoblin.edit.edit_media',
add_route('mediagoblin.edit.attachments',
'/u/<string:user>/m/<string:media>/attachments/',
- 'mediagoblin.user_pages.views:edit_attachments')
+ 'mediagoblin.edit.views:edit_attachments')
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-13 05:24:51 +0000