# HG changeset patch
# User Peter Sanchez
# Date 1282097102 25200
# Tue Aug 17 19:05:02 2010 -0700
# Node ID 27343e28be1d5cb87a2c56c3259c39228e2a9825
# Parent 69dc333e27272224906e46decaeff849d6ea95e1
Added command validation
diff --git a/cartfreakapi/views.py b/cartfreakapi/views.py
--- a/cartfreakapi/views.py
+++ b/cartfreakapi/views.py
@@ -15,6 +15,8 @@
 )
 required = ('command', 'hash')
+ valid_commands = ('CREATE', 'REMOVE', 'COMPLETE')
+
 cf_key = getattr(settings, key_name)
 for req in required:
 if req not in request.POST:
@@ -24,7 +26,10 @@
 in_hash = request.POST.get('hash')
 command = request.POST.get('command')
 _hash = hashlib.sha1(cf_key + command).hexdigest()
-
+
+ if command not in valid_commands:
+ return HttpResponse(ERROR_STR % 'Invalid command sent')
+
 if _hash != in_hash:
 return HttpResponse(ERROR_STR % 'Invalid hash sent')
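Review bot: `valid_commands` in the first hunk (`@@ -15,6 +15,8 @@`) is rebuilt on every request and has no comment saying where the accepted command names come from. As a fixed allow-list it reads better as a module-level constant with a one-line comment, e.g. `VALID_COMMANDS = ('CREATE', 'REMOVE', 'COMPLETE')  # commands this endpoint accepts`, so that any later code acting on `command` can refer to the same list. The enclosing view function begins and ends outside the hunk.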
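Review bot: In the second hunk (`@@ -24,7 +26,10 @@`) the new `if command not in valid_commands:` check runs before the hash comparison, so a sender who has not proved knowledge of the key gets a different error for an unknown command than for a bad hash. Moving the allow-list check below `if _hash != in_hash:` keeps unauthenticated requests to a single failure response and validates only authenticated input. The unchanged `_hash != in_hash` comparison is also not constant-time; while touching this block it could become `if not constant_time_compare(_hash, in_hash):` using `django.utils.crypto.constant_time_compare` where the installed Django provides it. The digest is built as `sha1(cf_key + command)`, a secret-prefix construction; if the calling service's protocol allows it, `hmac.new(cf_key, command, hashlib.sha1)` is the safer form. The function body continues outside the hunk.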