From: Aleksander Łukasz <aleksander.lukasz@nowoczesnapolska.org.pl>
Date: Thu, 19 Dec 2013 09:50:37 +0000 (+0100)
Subject: fileupload: handle dot components in MEDIA_ROOT path correctly
X-Git-Url: https://git.mdrn.pl/redakcja.git/commitdiff_plain/a1d59523f422c3674a39b0d65ea2c97acca7ede8

fileupload: handle dot components in MEDIA_ROOT path correctly
---

diff --git a/apps/fileupload/views.py b/apps/fileupload/views.py
index d08bfd32..ab719a19 100644
--- a/apps/fileupload/views.py
+++ b/apps/fileupload/views.py
@@ -78,7 +78,7 @@ class UploadView(FormView):
                 settings.MEDIA_ROOT,
                 self.get_directory(),
                 filename))
-        if not path.startswith(settings.MEDIA_ROOT):
+        if not path.startswith(os.path.abspath(settings.MEDIA_ROOT)):
             raise Http404
         if filename:
             if not path.startswith(self.get_safe_path()):