From c8041cd0bfaf4014a1fa5f1402cf3986e678dfa0 Mon Sep 17 00:00:00 2001
From: ville rantanen <ville.rantanen@iki.fi>
Date: Mon, 2 Jul 2018 09:46:08 +0300
Subject: [PATCH] upload splitting didnt work for unsafe names

---
 code/app.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/code/app.py b/code/app.py
index 49248c2..e96f8de 100644
--- a/code/app.py
+++ b/code/app.py
@@ -14,7 +14,7 @@ from utils.utils import *
 from utils.crypt import *
 
 
-__FLEES_VERSION__ = "20180701.0"
+__FLEES_VERSION__ = "20180702.0"
 app = Flask(__name__)
 app.config.from_object(__name__)
 # Read config from json !
@@ -114,6 +114,7 @@ def upload(name = None, token = None):
                 if os.path.exists(filename):
                     file_versionize(filename)
                     #~ return "Overwrite forbidden", 403
+            print_debug("Saving " + filename)
             file.save(filename)
             set_rights(filename)
             notify({
@@ -154,11 +155,14 @@ def upload_join_splitted(name, token):
         for part in range(no_parts):
             filename = os.path.join(
                 share['path'],
-                ".%s.part.%03d"%(
-                    request.form['filename'],
-                    part
+                secure_filename_hidden(
+                    ".%s.part.%03d"%(
+                        request.form['filename'],
+                        part
+                    )
                 )
             )
+            print_debug("Checking for join: " + filename)
             if os.path.exists(filename):
                 parts.append(filename)
                 part_existed = part