From 10000197f1711373a4ecf39315ffbca6be8703c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=A1clav=20Klus=C3=A1k?=
Date: Tue, 13 Feb 2018 16:47:10 +0100
Subject: [PATCH] Ignore incorrect base 64 padding.

---
 app/jekylledit/controllers/site.py | 10 +++++++---
 app/jekylledit/model/site.py | 6 +++---
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/app/jekylledit/controllers/site.py b/app/jekylledit/controllers/site.py
index 7e6f8de..853dd29 100644
--- a/app/jekylledit/controllers/site.py
+++ b/app/jekylledit/controllers/site.py
@@ -138,7 +138,7 @@ def site_file(site_id, file_id):

 # Update post
 elif request.method == 'PUT':
- filename = b64decode(file_id).decode()
+ filename = decode_filename(file_id)
 if not repository.is_path_in(filename):
 abort(403)
 filemask = filename.rsplit('-', 1)[0] + '-{}.' \
@@ -164,7 +164,7 @@ def site_file(site_id, file_id):
 elif request.method == 'DELETE':
 if not Permission(('administrator', site_id)):
 abort(403)
- filename = b64decode(file_id).decode()
+ filename = decode_filename(file_id)
 if not repository.is_path_in(filename):
 abort(403)
 filemask = filename.rsplit('-', 1)[0] + '-{}.' \
@@ -180,7 +180,7 @@ def site_file(site_id, file_id):

 # Return post
 else:
- filename = b64decode(file_id).decode()
+ filename = decode_filename(file_id)
 if not repository.is_path_in(filename):
 abort(403)
 filemask = filename.rsplit('-', 1)[0] + '-{}.' \
@@ -199,6 +199,10 @@ def site_file(site_id, file_id):
 })


+def decode_filename(file_id):
+ return b64decode(file_id + '===').decode()
+
+
 # Response related drafts
 @app.route('/site//drafts', methods=['GET'])
 @cross_origin()
diff --git a/app/jekylledit/model/site.py b/app/jekylledit/model/site.py
index d2a0d38..a906cd7 100644
--- a/app/jekylledit/model/site.py
+++ b/app/jekylledit/model/site.py
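Review bot: The pair `filename = decode_filename(file_id)` / `if not repository.is_path_in(filename): abort(403)` is repeated verbatim in the PUT, DELETE and final `else` branches of `site_file` (hunks at -138, -164 and -180), so the containment check on the decoded name depends on every branch remembering to run it. Decoding and checking once before the method dispatch, or folding the check into the new helper, would keep a later branch from using `filename` unchecked. Only the DELETE hunk shows a `Permission(...)` test; whether PUT and the read path are gated elsewhere is outside these hunks, as is the rest of `site_file`, so that is worth confirming.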
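Review bot: `decode_filename` (hunk at -199) still lets two failures escape as unhandled exceptions. `b64decode` raises `binascii.Error` when the count of data characters is 1 mod 4, which no amount of appended `=` repairs, and `.decode()` raises `UnicodeDecodeError` on bytes that are not UTF-8. Both are `ValueError` subclasses and would presumably surface as a 500 for a client-supplied `file_id`, so catching `ValueError` and answering `abort(400)` keeps a malformed id a client error. The default non-validating `b64decode` also discards characters outside the alphabet, so several `file_id` strings decode to one filename. The `is_path_in` check runs on the decoded value, but logs or caches keyed on `file_id` should not treat it as canonical.

```python
def decode_filename(file_id):
    """Decode a base64 file id from the URL, tolerating missing '=' padding."""
    try:
        # Surplus '=' is ignored by the non-validating decoder.
        return b64decode(file_id + '===').decode()
    except ValueError:
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
        abort(400)
```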
@@ -150,13 +150,13 @@ def remove_post(self, filename):
 def save_media(self, media):
 config = self.get_config()
 created = []
- for key, medio in media.items():
- if not '/' in key:
+ for key, medium in media.items():
+ if '/' not in key:
 filename = self.repository.path(config['media'] + '/' + key)
 else:
 filename = self.repository.path(key)
 with open(filename, 'wb+') as fm:
- fm.write(b64decode(medium['data']))
+ fm.write(b64decode(medium['data']))
 created.append(filename)
 return created
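Review bot: In `save_media`, a `key` that contains `/` is passed to `self.repository.path(key)` and the result is opened with `'wb+'`, with no containment check visible in the hunk, whereas the controller guards every decoded name with `repository.is_path_in(...)`. If the `media` keys can come from a request and `path()` does not confine its result to the repository (neither is shown here), this write should get the same guard before `open`, e.g. `if not self.repository.is_path_in(key): raise ValueError('media path outside repository')`, assuming `is_path_in` accepts the same kind of name the controller passes. Separately, `b64decode(medium['data'])` does not get the padding tolerance this commit adds for file ids; if that is intentional, a short comment would say so.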