From: Joar Wandborg Date: Mon, 22 Oct 2012 23:09:09 +0000 (+0200) Subject: Fixed attachments X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=c43f8c1d927c7b01d70bdd5662848fa3009f1141;p=mediagoblin.git Fixed attachments --- diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 61b2cb82..2d42ff0b 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -106,9 +106,8 @@ def edit_attachments(request, media): form = forms.EditAttachmentsForm() # Add any attachements - if ('attachment_file' in request.form - and isinstance(request.form['attachment_file'], FieldStorage) - and request.form['attachment_file'].file): + if 'attachment_file' in request.files \ + and request.files['attachment_file']: # Security measure to prevent attachments from being served as # text/html, which will be parsed by web clients and pose an XSS @@ -121,13 +120,13 @@ def edit_attachments(request, media): # machine parsing the upload form, and not necessarily the machine # serving the attachments. if mimetypes.guess_type( - request.form['attachment_file'].filename)[0] in \ + request.files['attachment_file'].filename)[0] in \ UNSAFE_MIMETYPES: public_filename = secure_filename('{0}.notsafe'.format( - request.form['attachment_file'].filename)) + request.files['attachment_file'].filename)) else: public_filename = secure_filename( - request.form['attachment_file'].filename) + request.files['attachment_file'].filename) attachment_public_filepath \ = mg_globals.public_store.get_unique_filepath( @@ -139,13 +138,13 @@ def edit_attachments(request, media): try: attachment_public_file.write( - request.form['attachment_file'].file.read()) + request.files['attachment_file'].stream.read()) finally: - request.form['attachment_file'].file.close() + request.files['attachment_file'].stream.close() media.attachment_files.append(dict( name=request.form['attachment_name'] \ - or request.form['attachment_file'].filename, + or request.files['attachment_file'].filename, filepath=attachment_public_filepath, created=datetime.utcnow(), )) @@ -156,7 +155,7 @@ def edit_attachments(request, media): request, messages.SUCCESS, "You added the attachment %s!" \ % (request.form['attachment_name'] - or request.form['attachment_file'].filename)) + or request.files['attachment_file'].filename)) return exc.HTTPFound( location=media.url_for_self(request.urlgen)) @@ -276,12 +275,12 @@ def edit_collection(request, collection): # and userid. slug_used = check_collection_slug_used(request.db, collection.creator, request.form['slug'], collection.id) - + # Make sure there isn't already a Collection with this title existing_collection = request.db.Collection.find_one({ 'creator': request.user._id, 'title':request.form['title']}) - + if existing_collection and existing_collection.id != collection.id: messages.add_message( request, messages.ERROR, diff --git a/mediagoblin/storage/cloudfiles.py b/mediagoblin/storage/cloudfiles.py index ced3beb3..1b5a6363 100644 --- a/mediagoblin/storage/cloudfiles.py +++ b/mediagoblin/storage/cloudfiles.py @@ -104,10 +104,13 @@ class CloudFilesStorage(StorageInterface): mimetype = mimetypes.guess_type( filepath[-1]) - if mimetype: + if mimetype[0]: # Set the mimetype on the CloudFiles object obj.content_type = mimetype[0] obj.metadata = {'mime-type': mimetype[0]} + else: + obj.content_type = 'application/octet-stream' + obj.metadata = {'mime-type': 'application/octet-stream'} return CloudFilesStorageObjectWrapper(obj, *args, **kwargs) diff --git a/mediagoblin/user_pages/routing.py b/mediagoblin/user_pages/routing.py index 35e1bd6e..8162e641 100644 --- a/mediagoblin/user_pages/routing.py +++ b/mediagoblin/user_pages/routing.py @@ -78,4 +78,4 @@ add_route('mediagoblin.edit.edit_media', add_route('mediagoblin.edit.attachments', '/u//m//attachments/', - 'mediagoblin.user_pages.views:edit_attachments') + 'mediagoblin.edit.views:edit_attachments')