~sircmpwn/paste.sr.ht

04f07fd072e27d3aec16f445d43806fa86792e59 — Drew DeVault 6 months ago 0dbb524 0.5.1
Don't access contents before it's validated
1 files changed, 1 insertions(+), 1 deletions(-)

M pastesrht/blueprints/api/pastes.py
M pastesrht/blueprints/api/pastes.py => pastesrht/blueprints/api/pastes.py +1 -1
@@ 37,7 37,6 @@ def pastes_POST():
        valid.expect(isinstance(f, dict),
                f"Expected files[{i}] to be dict", field=f"files[{i}]")
        contents = f.get("contents")
        contents = contents.replace('\r\n', '\n').replace('\r', '\n')
        filename = f.get("filename")
        valid.expect(contents, f"files[{i}].contents is required",
                field=f"files[{i}]")


@@ 52,6 51,7 @@ def pastes_POST():
                "than once", field=f"files[{i}].filename")
        if not valid.ok:
            continue
        contents = contents.replace('\r\n', '\n').replace('\r', '\n')
        filenames.update({filename})
        sha = sha1()
        sha.update(contents.encode())