2 files changed, 28 insertions, 10 deletions
diff --git a/mediagoblin/edit/routing.py b/mediagoblin/edit/routing.py
index b349975d..d3ae5465 100644
--- a/mediagoblin/edit/routing.py
+++ b/mediagoblin/edit/routing.py
@@ -29,4 +29,4 @@ add_route('mediagoblin.edit.verify_email', '/edit/verify_email/',
 add_route('mediagoblin.edit.email', '/edit/email/',
     'mediagoblin.edit.views:change_email')
 add_route('mediagoblin.edit.deauthorize_applications', '/edit/deauthorize/',
-    'mediagoblin.edit.views:deauthorize_applications')
+    'mediagoblin.edit.views:deauthorize_applications')
+\ No newline at end of file
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index b15fb2e7..717241e8 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -1,4 +1,4 @@
-# GNU MediaGoblin -- federated, autonomous media hosting
+
 # Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
 #
 # This program is free software: you can redistribute it and/or modify
@@ -34,7 +34,7 @@ from mediagoblin.edit.lib import may_edit_media
 from mediagoblin.decorators import (require_active_login, active_user_from_url,
                             get_media_entry_by_id, user_may_alter_collection,
                             get_user_collection, user_has_privilege,
-                            user_not_banned)
+                            user_not_banned, user_may_delete_media)
 from mediagoblin.tools.crypto import get_timed_signer_url
 from mediagoblin.tools.metadata import (compact_and_validate, DEFAULT_CHECKER,
                                         DEFAULT_SCHEMA)
@@ -55,6 +55,10 @@ import mimetypes
 @get_media_entry_by_id
 @require_active_login
 def edit_media(request, media):
+    # If media is not processed, return NotFound.
+    if not media.state == u'processed':
+        return render_404(request)
+
     if not may_edit_media(request, media):
         raise Forbidden("User may not edit this media")
 
@@ -66,7 +70,7 @@ def edit_media(request, media):
         license=media.license)
 
     form = forms.EditForm(
-        request.form,
+        request.method=='POST' and request.form or None,
         **defaults)
 
     if request.method == 'POST' and form.validate():
@@ -115,6 +119,10 @@ UNSAFE_MIMETYPES = [
 @get_media_entry_by_id
 @require_active_login
 def edit_attachments(request, media):
+    # If media is not processed, return NotFound.
+    if not media.state == u'processed':
+        return render_404(request)
+
     if mg_globals.app_config['allow_attachments']:
         form = forms.EditAttachmentsForm()
 
@@ -211,7 +219,8 @@ def edit_profile(request, url_user=None):
     else:
         location = user.get_location.name
 
-    form = forms.EditProfileForm(request.form,
+    form = forms.EditProfileForm(
+        request.method == 'POST' and request.form or None,
         url=user.url,
         bio=user.bio,
         location=location)
@@ -227,6 +236,8 @@ def edit_profile(request, url_user=None):
             location = user.get_location
             location.name = six.text_type(form.location.data)
             location.save()
+        else:
+            user.location = None
 
         user.save()
 
@@ -252,7 +263,8 @@ EMAIL_VERIFICATION_TEMPLATE = (
 @require_active_login
 def edit_account(request):
     user = request.user
-    form = forms.EditAccountForm(request.form,
+    form = forms.EditAccountForm(
+        request.method == 'POST' and request.form or None,
         wants_comment_notification=user.wants_comment_notification,
         license_preference=user.license_preference,
         wants_notifications=user.wants_notifications)
@@ -350,7 +362,7 @@ def edit_collection(request, collection):
         description=collection.description)
 
     form = forms.EditCollectionForm(
-        request.form,
+        request.method == 'POST' and request.form or None,
         **defaults)
 
     if request.method == 'POST' and form.validate():
@@ -446,7 +458,8 @@ def verify_email(request):
 @require_active_login
 def change_email(request):
     """ View to change the user's email """
-    form = forms.ChangeEmailForm(request.form)
+    form = forms.ChangeEmailForm(
+        request.method == 'POST' and request.form or None)
     user = request.user
 
     # If no password authentication, no need to enter a password
@@ -499,7 +512,12 @@ def change_email(request):
 @require_active_login
 @get_media_entry_by_id
 def edit_metadata(request, media):
-    form = forms.EditMetaDataForm(request.form)
+    # If media is not processed, return NotFound.
+    if not media.state == u'processed':
+        return render_404(request)
+
+    form = forms.EditMetaDataForm(
+        request.method == 'POST' and request.form or None)
     if request.method == "POST" and form.validate():
         metadata_dict = dict([(row['identifier'],row['value'])
                             for row in form.media_metadata.data])
@@ -520,4 +538,4 @@ def edit_metadata(request, media):
         request,
         'mediagoblin/edit/metadata.html',
         {'form':form,
-         'media':media})
+         'media':media})
+\ No newline at end of file