From 5901866200ca9e76288cf0bcbb034e4e6c3ce7af Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Mon, 11 Feb 2019 23:05:51 -0800 Subject: [PATCH] Call secure_filename on the filename first thing, so we don't end up working with multiple versions of the same filename --- onionshare/web/receive_mode.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/onionshare/web/receive_mode.py b/onionshare/web/receive_mode.py index be68900e..15b79486 100644 --- a/onionshare/web/receive_mode.py +++ b/onionshare/web/receive_mode.py @@ -158,10 +158,11 @@ class ReceiveModeFile(object): self.onionshare_write_func = write_func self.onionshare_close_func = close_func - self.filename = os.path.join(self.onionshare_request.receive_mode_dir, secure_filename(filename)) + self.filename = os.path.join(self.onionshare_request.receive_mode_dir, filename) self.filename_in_progress = '{}.part'.format(self.filename) # Open the file + self.upload_error = False try: self.f = open(self.filename_in_progress, 'wb+') except: @@ -316,6 +317,8 @@ class ReceiveModeRequest(Request): self.told_gui_about_request = True + filename = secure_filename(filename) + self.progress[filename] = { 'uploaded_bytes': 0, 'complete': False