Use secure file names when creating image files

src/web/templates/drives.html

@@ -37,7 +37,7 @@
                     <input type="hidden" name="size" value="{{hd.size}}">
 		    <input type="hidden" name="file_type" value="{{hd.file_type}}">
 		    <label for="file_name">Save as:</label>
-		    <input type="text" name="file_name" value="{{hd.name}}" />.{{hd.file_type}}
+		    <input type="text" name="file_name" value="{{hd.secure_name}}" />.{{hd.file_type}}
                     <input type="submit" value="Create" />
                 </form>
             </td>
@@ -127,7 +127,7 @@
                     <input type="hidden" name="size" value="{{rm.size}}">
 		    <input type="hidden" name="file_type" value="{{rm.file_type}}">
 		    <label for="file_name">Save as:</label>
-		    <input type="text" name="file_name" value="{{rm.name}}" />.{{rm.file_type}}
+		    <input type="text" name="file_name" value="{{rm.secure_name}}" />.{{rm.file_type}}
                     <input type="submit" value="Create" />
                 </form>
             </td>

src/web/web.py

@@ -107,14 +107,17 @@ def drive_list():
     cd_conf = []
     rm_conf = []
 
+    from werkzeug.utils import secure_filename
     for d in conf:
         if d["device_type"] == "SCHD":
+            d["secure_name"] = secure_filename(d["name"])
             d["size_mb"] = "{:,.2f}".format(d["size"] / 1024 / 1024)
             hd_conf.append(d)
         elif d["device_type"] == "SCCD":
             d["size_mb"] = "N/A"
             cd_conf.append(d)
         elif d["device_type"] == "SCRM":
+            d["secure_name"] = secure_filename(d["name"])
             d["size_mb"] = "{:,.2f}".format(d["size"] / 1024 / 1024)
             rm_conf.append(d)