From a1d59523f422c3674a39b0d65ea2c97acca7ede8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Aleksander=20=C5=81ukasz?= Date: Thu, 19 Dec 2013 10:50:37 +0100 Subject: [PATCH] fileupload: handle dot components in MEDIA_ROOT path correctly --- apps/fileupload/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/fileupload/views.py b/apps/fileupload/views.py index d08bfd32..ab719a19 100644 --- a/apps/fileupload/views.py +++ b/apps/fileupload/views.py @@ -78,7 +78,7 @@ class UploadView(FormView): settings.MEDIA_ROOT, self.get_directory(), filename)) - if not path.startswith(settings.MEDIA_ROOT): + if not path.startswith(os.path.abspath(settings.MEDIA_ROOT)): raise Http404 if filename: if not path.startswith(self.get_safe_path()): -- 2.20.1