From d21b97032ad3b6f46652372022ac62699ef37580 Mon Sep 17 00:00:00 2001
From: beavailable
Date: Wed, 19 Oct 2022 08:03:29 +0800
Subject: [PATCH] Prevent directory traversal attacks
---
 share.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/share.py b/share.py
index d5ec613..b164acf 100755
--- share.py
+++ share.py
@@ -129,7 +129,7 @@ def handle_multipart(self, save_dir, redirect_location):
 if not filename:
 self.respond_bad_request()
 return
- with open(f'{save_dir}/{filename}', 'wb') as f:
+ with open(f'{save_dir}/{os.path.basename(filename)}', 'wb') as f:
 parser.write_next_to(f)
 except MultipartError:
 self.respond_bad_request()
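Review bot: The `if not filename:` guard above the changed `open()` still tests the raw client-supplied name, so a name such as `dir/` or `..` passes it and `os.path.basename()` then yields an empty string or `..`; `open()` on that path raises an `OSError` because the target is a directory, and the only handler visible here is `except MultipartError`. Normalising before the guard lets the existing 400 response cover these cases: `filename = os.path.basename(filename)` ahead of the check, the check written as `if filename in ('', '.', '..'):`, and the open left as `f'{save_dir}/{filename}'`. `os.path.basename` splits on the separators of the platform the server runs on, which is the right behaviour here, but a short comment saying the name is attacker-controlled and reduced to its final component would make the intent clear to the next reader. `handle_multipart` starts before and continues after this hunk, so whether another handler catches `OSError`, and whether `os` is already imported in share.py, cannot be confirmed from these lines.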