From f7ec8cccc7ac17471d02bf4d153e66c000932046 Mon Sep 17 00:00:00 2001
From: Steve Howell <steve@zulip.com>
Date: Tue, 17 Dec 2013 16:24:25 -0500
Subject: [PATCH] Validate subscriptions in add_subscriptions_backend.

(imported from commit 3d4b669ade135dfa85c01238db110a5e4c1362b2)
---
 zerver/views/__init__.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/zerver/views/__init__.py b/zerver/views/__init__.py
index d0b6db629d..34e4c41c49 100644
--- a/zerver/views/__init__.py
+++ b/zerver/views/__init__.py
@@ -1652,7 +1652,8 @@ def stream_link(stream_name):
 
 @has_request_variables
 def add_subscriptions_backend(request, user_profile,
-                              streams_raw = REQ("subscriptions", json_to_list),
+                              streams_raw = REQ("subscriptions",
+                              validator=check_list(check_dict([['name', check_string]]))),
                               invite_only = REQ(converter=json_to_bool, default=False),
                               announce = REQ(converter=json_to_bool, default=False),
                               principals = REQ(validator=check_list(check_string), default=None),
@@ -1660,8 +1661,6 @@ def add_subscriptions_backend(request, user_profile,
 
     stream_names = []
     for stream in streams_raw:
-        if not isinstance(stream, dict):
-            return json_error("Malformed request")
         stream_name = stream["name"].strip()
         if len(stream_name) > Stream.MAX_NAME_LENGTH:
             return json_error("Stream name (%s) too long." % (stream_name,))