Diffstat (limited to 'mediagoblin/edit/views.py')
-rw-r--r-- | mediagoblin/edit/views.py | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 61b2cb82..111f9ae8 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -106,9 +106,8 @@ def edit_attachments(request, media): form = forms.EditAttachmentsForm() # Add any attachements - if ('attachment_file' in request.form - and isinstance(request.form['attachment_file'], FieldStorage) - and request.form['attachment_file'].file): + if 'attachment_file' in request.files \ + and request.files['attachment_file']: # Security measure to prevent attachments from being served as # text/html, which will be parsed by web clients and pose an XSS @@ -121,13 +120,13 @@ def edit_attachments(request, media): # machine parsing the upload form, and not necessarily the machine # serving the attachments. if mimetypes.guess_type( - request.form['attachment_file'].filename)[0] in \ + request.files['attachment_file'].filename)[0] in \ UNSAFE_MIMETYPES: public_filename = secure_filename('{0}.notsafe'.format( - request.form['attachment_file'].filename)) + request.files['attachment_file'].filename)) else: public_filename = secure_filename( - request.form['attachment_file'].filename) + request.files['attachment_file'].filename) attachment_public_filepath \ = mg_globals.public_store.get_unique_filepath( @@ -139,13 +138,13 @@ def edit_attachments(request, media): try: attachment_public_file.write( - request.form['attachment_file'].file.read()) + request.files['attachment_file'].stream.read()) finally: - request.form['attachment_file'].file.close() + request.files['attachment_file'].stream.close() media.attachment_files.append(dict( name=request.form['attachment_name'] \ - or request.form['attachment_file'].filename, + or request.files['attachment_file'].filename, filepath=attachment_public_filepath, created=datetime.utcnow(), )) 
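Review bot: The new guard in the first hunk (-106) tests only the truthiness of `request.files['attachment_file']`, so the dropped `.file` check has no direct replacement. Assuming these are Werkzeug `FileStorage` objects, as the `.stream` use in the -139 hunk suggests, truthiness reflects whether a filename was submitted, not whether any content arrived. A short comment such as `# FileStorage is falsy when no filename was submitted` would make that explicit. The same lookup is repeated in the -121 and -139 hunks; binding it once with `upload = request.files.get('attachment_file')` followed by `if upload:` would also remove the backslash continuation. edit_attachments starts and ends outside the hunk.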
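Review bot: In the hunk at -121 the MIME guess runs on the raw client-supplied filename while the name actually stored is the output of `secure_filename`, so the check and the served name can disagree whenever sanitising alters the extension. Sanitise first and test the result: `safe_name = secure_filename(request.files['attachment_file'].filename)` then `if mimetypes.guess_type(safe_name)[0] in UNSAFE_MIMETYPES:`. `secure_filename` can also return an empty string for a name made only of stripped characters; the else branch passes that on unchecked, and whether `get_unique_filepath` copes with it is not visible here. Because this is a denylist over extension guesses, as the existing comment concedes, serving attachments with a forced download disposition or from a separate origin would be the stronger control.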
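Review bot: `request.files['attachment_file'].stream.read()` in the hunk at -139 loads the whole upload into memory before writing it, and no size limit is visible in this function. Copy in bounded chunks instead, for example `request.files['attachment_file'].save(attachment_public_file)` if the store's file object accepts plain `write` calls, and confirm that a request-size cap is enforced upstream. The `finally` closes only the upload stream; whether `attachment_public_file` is closed when the write fails is outside the hunk.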
@@ -154,9 +153,9 @@ def edit_attachments(request, media): messages.add_message( request, messages.SUCCESS, - "You added the attachment %s!" \ + _("You added the attachment %s!") \ % (request.form['attachment_name'] - or request.form['attachment_file'].filename)) + or request.files['attachment_file'].filename)) return exc.HTTPFound( location=media.url_for_self(request.urlgen)) @@ -276,12 +275,12 @@ def edit_collection(request, collection): # and userid. slug_used = check_collection_slug_used(request.db, collection.creator, request.form['slug'], collection.id) - + # Make sure there isn't already a Collection with this title existing_collection = request.db.Collection.find_one({ 'creator': request.user._id, 'title':request.form['title']}) - + if existing_collection and existing_collection.id != collection.id: messages.add_message( request, messages.ERROR, |
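Review bot: The translatable string in the hunk at -154 keeps a positional `%s`, so a translation that drops or mangles the placeholder raises at runtime, and translators get no hint of what is substituted. A named placeholder is safer: `_("You added the attachment %(name)s!") % {'name': request.form['attachment_name'] or request.files['attachment_file'].filename}`. The substituted value is client-supplied text, so it should reach the page only through an escaping template; how `messages` are rendered is not visible here.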