From 772ee76e760837571db6caceb3d3a46d560aa513 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gina=20H=C3=A4u=C3=9Fge?=
Date: Thu, 2 Nov 2017 09:36:53 +0100
Subject: [PATCH] More hardening against invalid requests

See #2189
---
 src/octoprint/server/util/flask.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/octoprint/server/util/flask.py b/src/octoprint/server/util/flask.py
index 7b0437af..faf4bec2 100644
--- a/src/octoprint/server/util/flask.py
+++ b/src/octoprint/server/util/flask.py
@@ -1116,7 +1116,7 @@ def restricted_access(func):
 def firstrun_only_access(func):
 	"""
 	If you decorate a view with this, it will ensure that first setup has _not_ been
-	done for OctoPrint's Access Control. Otherwise it
+	done for OctoPrint's Access Control. Otherwise it will cause a HTTP 403 status code to be returned by the decorated resource.
 	"""
 	@functools.wraps(func)
@@ -1211,6 +1211,9 @@ def get_json_command_from_request(request, valid_commands):
 		return None, None, make_response("Expected content-type JSON", 400)
 
 	data = request.json
+	if data is None:
+		return None, None, make_response("Expected content-type JSON", 400)
+
 	if not "command" in data.keys() or not data["command"] in valid_commands.keys():
 		return None, None, make_response("Expected valid command", 400)
 
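Review bot: The added `if data is None` guard only covers the case where Flask declines to parse the body; a well-formed JSON body that is not an object (`[]`, `42`, `"x"`) still reaches `data.keys()` on the following context line and fails with an AttributeError, i.e. an unhandled 500 instead of the 400 this commit is aiming for. Widening the new check to `if not isinstance(data, dict):` closes that with the same response and no other change. Similarly, `data["command"] in valid_commands.keys()` raises TypeError when the client sends an unhashable command such as `{"command": []}`, so a `not isinstance(data.get("command"), str)` test ahead of the membership check would keep that input on the 400 path as well. The Content-Type check that produces the first `return` sits above the hunk and the function continues past its last line, so those parts are not reviewed here.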