From 09e528acbb4d1321fce5cec8b22fd7fd153bf68a Mon Sep 17 00:00:00 2001
From: Joar Wandborg <git@wandborg.com>
Date: Mon, 17 Sep 2012 23:54:27 +0200
Subject: Fixed validation in API post_entry.

Added state to API get_entry_serializable
---
 mediagoblin/plugins/api/views.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'mediagoblin/plugins/api/views.py')

diff --git a/mediagoblin/plugins/api/views.py b/mediagoblin/plugins/api/views.py
index 2eb9e414..d537ec6e 100644
--- a/mediagoblin/plugins/api/views.py
+++ b/mediagoblin/plugins/api/views.py
@@ -20,6 +20,7 @@ import uuid
 
 from os.path import splitext
 from webob import exc, Response
+from cgi import FieldStorage
 from werkzeug.utils import secure_filename
 from celery import registry
 
@@ -43,10 +44,18 @@ _log = logging.getLogger(__name__)
 @require_active_login
 def post_entry(request):
     _log.debug('Posting entry')
+
+    if request.method == 'OPTIONS':
+        return json_response({'status': 200})
+
     if request.method != 'POST':
+        _log.debug('Must POST against post_entry')
         return exc.HTTPBadRequest()
 
-    if not 'file' in request.POST or not hasattr(request.POST['file'], 'file'):
+    if not 'file' in request.POST \
+            or not isinstance(request.POST['file'], FieldStorage) \
+            or not request.POST['file'].file:
+        _log.debug('File field not found')
         return exc.HTTPBadRequest()
 
     media_file = request.POST['file']
-- 
cgit v1.2.3