1 files changed, 26 insertions, 7 deletions

diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 69f69da5..717241e8 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -1,4 +1,4 @@
-# GNU MediaGoblin -- federated, autonomous media hosting
+
 # Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
 #
 # This program is free software: you can redistribute it and/or modify
@@ -55,6 +55,10 @@ import mimetypes
 @get_media_entry_by_id
 @require_active_login
 def edit_media(request, media):
+    # If media is not processed, return NotFound.
+    if not media.state == u'processed':
+        return render_404(request)
+
     if not may_edit_media(request, media):
         raise Forbidden("User may not edit this media")
 
@@ -66,7 +70,7 @@ def edit_media(request, media):
         license=media.license)
 
     form = forms.EditForm(
-        request.form,
+        request.method=='POST' and request.form or None,
         **defaults)
 
     if request.method == 'POST' and form.validate():
@@ -115,6 +119,10 @@ UNSAFE_MIMETYPES = [
 @get_media_entry_by_id
 @require_active_login
 def edit_attachments(request, media):
+    # If media is not processed, return NotFound.
+    if not media.state == u'processed':
+        return render_404(request)
+
     if mg_globals.app_config['allow_attachments']:
         form = forms.EditAttachmentsForm()
 
@@ -211,7 +219,8 @@ def edit_profile(request, url_user=None):
     else:
         location = user.get_location.name
 
-    form = forms.EditProfileForm(request.form,
+    form = forms.EditProfileForm(
+        request.method == 'POST' and request.form or None,
         url=user.url,
         bio=user.bio,
         location=location)
@@ -227,6 +236,8 @@ def edit_profile(request, url_user=None):
             location = user.get_location
             location.name = six.text_type(form.location.data)
             location.save()
+        else:
+            user.location = None
 
         user.save()
 
@@ -252,7 +263,8 @@ EMAIL_VERIFICATION_TEMPLATE = (
 @require_active_login
 def edit_account(request):
     user = request.user
-    form = forms.EditAccountForm(request.form,
+    form = forms.EditAccountForm(
+        request.method == 'POST' and request.form or None,
         wants_comment_notification=user.wants_comment_notification,
         license_preference=user.license_preference,
         wants_notifications=user.wants_notifications)
@@ -350,7 +362,7 @@ def edit_collection(request, collection):
         description=collection.description)
 
     form = forms.EditCollectionForm(
-        request.form,
+        request.method == 'POST' and request.form or None,
         **defaults)
 
     if request.method == 'POST' and form.validate():
@@ -443,9 +455,11 @@ def verify_email(request):
         user=user.username)
 
 
+@require_active_login
 def change_email(request):
     """ View to change the user's email """
-    form = forms.ChangeEmailForm(request.form)
+    form = forms.ChangeEmailForm(
+        request.method == 'POST' and request.form or None)
     user = request.user
 
     # If no password authentication, no need to enter a password
@@ -498,7 +512,12 @@ def change_email(request):
 @require_active_login
 @get_media_entry_by_id
 def edit_metadata(request, media):
-    form = forms.EditMetaDataForm(request.form)
+    # If media is not processed, return NotFound.
+    if not media.state == u'processed':
+        return render_404(request)
+
+    form = forms.EditMetaDataForm(
+        request.method == 'POST' and request.form or None)
     if request.method == "POST" and form.validate():
         metadata_dict = dict([(row['identifier'],row['value'])
                             for row in form.media_metadata.data])