X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/babe7f68fcbb8f7e73f9b62d611715ca28b4c4e6..a1d59523f422c3674a39b0d65ea2c97acca7ede8:/apps/fileupload/views.py?ds=sidebyside

diff --git a/apps/fileupload/views.py b/apps/fileupload/views.py
index 9425515b..ab719a19 100644
--- a/apps/fileupload/views.py
+++ b/apps/fileupload/views.py
@@ -78,7 +78,7 @@ class UploadView(FormView):
                 settings.MEDIA_ROOT,
                 self.get_directory(),
                 filename))
-        if not path.startswith(settings.MEDIA_ROOT):
+        if not path.startswith(os.path.abspath(settings.MEDIA_ROOT)):
             raise Http404
         if filename:
             if not path.startswith(self.get_safe_path()):
@@ -99,7 +99,7 @@ class UploadView(FormView):
             files = []
             path = self.get_safe_path()
             if os.path.isdir(path):
-                for f in os.listdir(path):
+                for f in sorted(os.listdir(path)):
                     file_info = {
                         "name": f,
                     }
@@ -137,7 +137,7 @@ class UploadView(FormView):
                 'url': self.get_url(f.name),
                 'thumbnail_url': thumbnail(self.get_directory() + f.name),
                         'delete_url': "%s?file=%s" % (
-                            request.get_full_path(),
+                            self.request.get_full_path(),
                             quote(f.name.encode('utf-8'))),
                 'delete_type': "DELETE"
             })