Fixed attachments

2012-10-23 01:09:09 +02:00 · 2012-10-23 01:09:09 +02:00 · c43f8c1d92
commit c43f8c1d92
parent d7d9933735
3 changed files with 16 additions and 14 deletions
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@ -106,9 +106,8 @@ def edit_attachments(request, media):
        form = forms.EditAttachmentsForm()
        # Add any attachements
-        if ('attachment_file' in request.form
+        if 'attachment_file' in request.files \
-            and isinstance(request.form['attachment_file'], FieldStorage)
+            and request.files['attachment_file']:
            and request.form['attachment_file'].file):
            # Security measure to prevent attachments from being served as
            # text/html, which will be parsed by web clients and pose an XSS
@ -121,13 +120,13 @@ def edit_attachments(request, media):
            # machine parsing the upload form, and not necessarily the machine
            # serving the attachments.
            if mimetypes.guess_type(
-                    request.form['attachment_file'].filename)[0] in \
+                    request.files['attachment_file'].filename)[0] in \
                    UNSAFE_MIMETYPES:
                public_filename = secure_filename('{0}.notsafe'.format(
-                    request.form['attachment_file'].filename))
+                    request.files['attachment_file'].filename))
            else:
                public_filename = secure_filename(
-                        request.form['attachment_file'].filename)
+                        request.files['attachment_file'].filename)
            attachment_public_filepath \
                = mg_globals.public_store.get_unique_filepath(
@ -139,13 +138,13 @@ def edit_attachments(request, media):
            try:
                attachment_public_file.write(
-                    request.form['attachment_file'].file.read())
+                    request.files['attachment_file'].stream.read())
            finally:
-                request.form['attachment_file'].file.close()
+                request.files['attachment_file'].stream.close()
            media.attachment_files.append(dict(
                    name=request.form['attachment_name'] \
-                        or request.form['attachment_file'].filename,
+                        or request.files['attachment_file'].filename,
                    filepath=attachment_public_filepath,
                    created=datetime.utcnow(),
                    ))
@ -156,7 +155,7 @@ def edit_attachments(request, media):
                request, messages.SUCCESS,
                "You added the attachment %s!" \
                    % (request.form['attachment_name']
-                       or request.form['attachment_file'].filename))
+                       or request.files['attachment_file'].filename))
            return exc.HTTPFound(
                location=media.url_for_self(request.urlgen))
--- a/mediagoblin/storage/cloudfiles.py
+++ b/mediagoblin/storage/cloudfiles.py
@ -104,10 +104,13 @@ class CloudFilesStorage(StorageInterface):
            mimetype = mimetypes.guess_type(
                filepath[-1])
-            if mimetype:
+            if mimetype[0]:
                # Set the mimetype on the CloudFiles object
                obj.content_type = mimetype[0]
                obj.metadata = {'mime-type': mimetype[0]}
            else:
                obj.content_type = 'application/octet-stream'
                obj.metadata = {'mime-type': 'application/octet-stream'}
        return CloudFilesStorageObjectWrapper(obj, *args, **kwargs)
--- a/mediagoblin/user_pages/routing.py
+++ b/mediagoblin/user_pages/routing.py
@ -78,4 +78,4 @@ add_route('mediagoblin.edit.edit_media',
 add_route('mediagoblin.edit.attachments',
          '/u/<string:user>/m/<string:media>/attachments/',
-          'mediagoblin.user_pages.views:edit_attachments')
+          'mediagoblin.edit.views:edit_attachments')