Do not disclose the file system full path

For example, when uploading a file called "foo/bar.txt" twice, right now it shows the full directory (e.g., "File /your/system/directory/foo/bar.txt already exists"), instead of only showing "File foo/bar.txt already exists".

Do not disclose the file system full path
For example, when uploading a file called "foo/bar.txt" twice, right now it shows the full directory (e.g., "File /your/system/directory/foo/bar.txt already exists"), instead of only showing "File foo/bar.txt already exists".
3e016431 · Pablo Orduña · aced0e83 · 3e016431
Commit 3e016431 authored Oct 19, 2015 by Pablo Orduña
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

fileadmin.py flask_admin/contrib/fileadmin.py +2 -1

No files found.
--- a/flask_admin/contrib/fileadmin.py
+++ b/flask_admin/contrib/fileadmin.py
@@ -596,7 +596,8 @@ class FileAdmin(BaseView, ActionsMixin):
                           secure_filename(form.upload.data.filename))

        if op.exists(filename):
-            flash(gettext('File "%(name)s" already exists.', name=filename),
+            secure_name = op.join(path, secure_filename(form.upload.data.filename))
+            flash(gettext('File "%(name)s" already exists.', name=secure_name),
                  'error')
        else:
            self.save_file(filename, form.upload.data)