From 09e528acbb4d1321fce5cec8b22fd7fd153bf68a Mon Sep 17 00:00:00 2001 From: Joar Wandborg Date: Mon, 17 Sep 2012 23:54:27 +0200 Subject: [PATCH] Fixed validation in API post_entry. Added state to API get_entry_serializable --- mediagoblin/plugins/api/tools.py | 1 + mediagoblin/plugins/api/views.py | 11 ++++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py index e5aca29b..c4630ba7 100644 --- a/mediagoblin/plugins/api/tools.py +++ b/mediagoblin/plugins/api/tools.py @@ -95,6 +95,7 @@ def get_entry_serializable(entry, urlgen): 'description': entry.description, 'description_html': entry.description_html, 'media_type': entry.media_type, + 'state': entry.state, 'permalink': entry.url_for_self(urlgen, qualified=True), 'media_files': get_media_file_paths(entry.media_files, urlgen)} diff --git a/mediagoblin/plugins/api/views.py b/mediagoblin/plugins/api/views.py index 2eb9e414..d537ec6e 100644 --- a/mediagoblin/plugins/api/views.py +++ b/mediagoblin/plugins/api/views.py @@ -20,6 +20,7 @@ import uuid from os.path import splitext from webob import exc, Response +from cgi import FieldStorage from werkzeug.utils import secure_filename from celery import registry @@ -43,10 +44,18 @@ _log = logging.getLogger(__name__) @require_active_login def post_entry(request): _log.debug('Posting entry') + + if request.method == 'OPTIONS': + return json_response({'status': 200}) + if request.method != 'POST': + _log.debug('Must POST against post_entry') return exc.HTTPBadRequest() - if not 'file' in request.POST or not hasattr(request.POST['file'], 'file'): + if not 'file' in request.POST \ + or not isinstance(request.POST['file'], FieldStorage) \ + or not request.POST['file'].file: + _log.debug('File field not found') return exc.HTTPBadRequest() media_file = request.POST['file'] -- 2.25.1