From b547a11d007699fd91f3798781cb565fc78fe976 Mon Sep 17 00:00:00 2001
From: Max Goodman <max@reddit.com>
Date: Mon, 30 Sep 2013 16:09:46 -0700
Subject: [PATCH] Fix validating uploads post-"storify" removal.

Refactoring out the old "storify" function and duplicated request data
params changed the semantics of file uploads. Uploads are now presented
as cgi.FieldStorage values to our validators, and need to be referenced
by their `.value` property to get the data.
---
 r2/r2/controllers/api.py               |  2 +-
 r2/r2/controllers/promotecontroller.py |  3 ++-
 r2/r2/lib/validator/validator.py       | 15 ++++++++++++++-
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py
index b3d461ed9..87748f878 100755
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -1728,7 +1728,7 @@ class ApiController(RedditController, OAuth2ResourceController):
     @require_oauth2_scope("modconfig")
     @validate(VSrModerator(perms='config'),
               VModhash(),
-              file = VLength('file', max_length=1024*500),
+              file = VUploadLength('file', max_length=1024*500),
               name = VCssName("name"),
               img_type = VImageType('img_type'),
               form_id = VLength('formid', max_length = 100), 
diff --git a/r2/r2/controllers/promotecontroller.py b/r2/r2/controllers/promotecontroller.py
index 985c4d584..d853cd505 100644
--- a/r2/r2/controllers/promotecontroller.py
+++ b/r2/r2/controllers/promotecontroller.py
@@ -87,6 +87,7 @@ from r2.lib.validator import (
     VSponsorAdminOrAdminSecret,
     VSubmitSR,
     VTitle,
+    VUploadLength,
     VUrl,
 )
 from r2.models import (
@@ -775,7 +776,7 @@ class PromoteController(ListingController):
 
     @validate(VSponsor("link_id"),
               link=VByName('link_id'),
-              file=VLength('file', 500 * 1024),
+              file=VUploadLength('file', 500*1024),
               img_type=VImageType('img_type'))
     def POST_link_thumb(self, link=None, file=None, img_type='jpg'):
         if link and (not promote.is_promoted(link) or
diff --git a/r2/r2/lib/validator/validator.py b/r2/r2/lib/validator/validator.py
index 27644fe1f..a9c6ba6ff 100644
--- a/r2/r2/lib/validator/validator.py
+++ b/r2/r2/lib/validator/validator.py
@@ -20,6 +20,7 @@
 # Inc. All Rights Reserved.
 ###############################################################################
 
+import cgi
 import json
 
 from pylons import c, g, request, response
@@ -112,7 +113,11 @@ class Validator(object):
         a = []
         if self.param:
             for p in utils.tup(self.param):
-                if self.post and request.POST.get(p):
+                # cgi.FieldStorage is falsy even if it has a filled value
+                # property. :(
+                post_val = request.POST.get(p)
+                if self.post and (post_val or
+                                  isinstance(post_val, cgi.FieldStorage)):
                     val = request.POST[p]
                 elif self.get and request.GET.get(p):
                     val = request.GET[p]
@@ -553,6 +558,14 @@ class VLength(Validator):
         else:
             return text
 
+class VUploadLength(VLength):
+    def run(self, upload, text2=''):
+        # upload is expected to be a FieldStorage object
+        if isinstance(upload, cgi.FieldStorage):
+            return VLength.run(self, upload.value, text2)
+        else:
+            self.set_error(self.empty_error, code=400)
+
 class VPrintable(VLength):
     def run(self, text, text2 = ''):
         text = VLength.run(self, text, text2)