From 5ded4841669648b454b62536b2de9b8889eddb44 Mon Sep 17 00:00:00 2001 From: Daniel Markstedt Date: Mon, 20 Sep 2021 18:33:38 -0700 Subject: [PATCH] Use secure file names when creating image files --- src/web/templates/drives.html | 4 ++-- src/web/web.py | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/web/templates/drives.html b/src/web/templates/drives.html index e08dc93e..f8d335c7 100644 --- a/src/web/templates/drives.html +++ b/src/web/templates/drives.html @@ -37,7 +37,7 @@ - .{{hd.file_type}} + .{{hd.file_type}} @@ -127,7 +127,7 @@ - .{{rm.file_type}} + .{{rm.file_type}} diff --git a/src/web/web.py b/src/web/web.py index 30ed3de8..9c617eaa 100644 --- a/src/web/web.py +++ b/src/web/web.py @@ -107,14 +107,17 @@ def drive_list(): cd_conf = [] rm_conf = [] + from werkzeug.utils import secure_filename for d in conf: if d["device_type"] == "SCHD": + d["secure_name"] = secure_filename(d["name"]) d["size_mb"] = "{:,.2f}".format(d["size"] / 1024 / 1024) hd_conf.append(d) elif d["device_type"] == "SCCD": d["size_mb"] = "N/A" cd_conf.append(d) elif d["device_type"] == "SCRM": + d["secure_name"] = secure_filename(d["name"]) d["size_mb"] = "{:,.2f}".format(d["size"] / 1024 / 1024) rm_conf.append(d)