diff options
-rwxr-xr-x | fshare.py | 10 |
1 files changed, 7 insertions, 3 deletions
@@ -399,7 +399,9 @@ class FShareRequestHandler(hs.BaseHTTPRequestHandler): def do_POST(self): self._log_request() - src_fname = os.path.basename(self._process_path(self.path)) + src_fname = os.path.basename(urlparse.unquote(self.path)) + if '/' in src_fname or src_fname in ('.', '..'): + src_fname = '' if 'Transfer-Encoding' in self.headers: if self.headers['Transfer-Encoding'] != 'chunked': @@ -457,8 +459,10 @@ class FShareRequestHandler(hs.BaseHTTPRequestHandler): self._logger.info('%s->%s', dst_fname, path) path += os.path.splitext(src_fname)[1] else: - # private srever: resulting URL is the secret HMAC + original basename - path = dst_fname + '/' + src_fname + # private server: resulting URL is the secret HMAC + original basename + path = dst_fname + if src_fname: + path += '/' + src_fname path = urlparse.quote(path) reply = ('https://%s/%s' % (host, path)).encode('ascii') |