X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/ee99f155d35803cc802ce2a2200fb98cee015772..a1d59523f422c3674a39b0d65ea2c97acca7ede8:/apps/fileupload/views.py

diff --git a/apps/fileupload/views.py b/apps/fileupload/views.py
index 8863465c..ab719a19 100644
--- a/apps/fileupload/views.py
+++ b/apps/fileupload/views.py
@@ -78,7 +78,7 @@ class UploadView(FormView):
                 settings.MEDIA_ROOT,
                 self.get_directory(),
                 filename))
-        if not path.startswith(settings.MEDIA_ROOT):
+        if not path.startswith(os.path.abspath(settings.MEDIA_ROOT)):
             raise Http404
         if filename:
             if not path.startswith(self.get_safe_path()):
@@ -99,7 +99,7 @@ class UploadView(FormView):
             files = []
             path = self.get_safe_path()
             if os.path.isdir(path):
-                for f in os.listdir(path):
+                for f in sorted(os.listdir(path)):
                     file_info = {
                         "name": f,
                     }