fnp / redakcja.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fileupload: handle dot components in MEDIA_ROOT path correctly
[redakcja.git] / apps / fileupload / views.py
diff --git a/apps/fileupload/views.py b/apps/fileupload/views.py
index 9425515..ab719a1 100644 (file)
--- a/apps/fileupload/views.py
+++ b/apps/fileupload/views.py
@@ -78,7 +78,7 @@ class UploadView(FormView):
                 settings.MEDIA_ROOT,
                 self.get_directory(),
                 filename))
-        if not path.startswith(settings.MEDIA_ROOT):
+        if not path.startswith(os.path.abspath(settings.MEDIA_ROOT)):
             raise Http404
         if filename:
             if not path.startswith(self.get_safe_path()):
@@ -99,7 +99,7 @@ class UploadView(FormView):
             files = []
             path = self.get_safe_path()
             if os.path.isdir(path):
-                for f in os.listdir(path):
+                for f in sorted(os.listdir(path)):
                     file_info = {
                         "name": f,
                     }
@@ -137,7 +137,7 @@ class UploadView(FormView):
                 'url': self.get_url(f.name),
                 'thumbnail_url': thumbnail(self.get_directory() + f.name),
                         'delete_url': "%s?file=%s" % (
-                            request.get_full_path(),
+                            self.request.get_full_path(),
                             quote(f.name.encode('utf-8'))),
                 'delete_type': "DELETE"
             })