From 783b482a0a894104219bc75a78ae053e025996d4 Mon Sep 17 00:00:00 2001 From: lza_menace Date: Wed, 23 Sep 2020 21:55:00 -0700 Subject: [PATCH] add randomization to filenames so users cannot overwrite each other's images --- suchwow/routes/post.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/suchwow/routes/post.py b/suchwow/routes/post.py index 5b14a43..1c62af6 100644 --- a/suchwow/routes/post.py +++ b/suchwow/routes/post.py @@ -2,6 +2,7 @@ from os import path from flask import render_template, Blueprint, request, session, flash from flask import send_from_directory, redirect, url_for, current_app from werkzeug.utils import secure_filename +from secrets import token_urlsafe from suchwow import wownero from suchwow.models import Post, Comment from suchwow.utils.decorators import login_required, profile_required @@ -67,7 +68,10 @@ def create(): flash("You didn't give your meme a spicy title, bro! You're fuckin up!") return redirect(request.url) if file and allowed_file(file.filename): - filename = secure_filename(file.filename) + filename = "{}-{}".format( + token_urlsafe(12), + secure_filename(file.filename) + ) save_path_base = path.join(current_app.config["DATA_FOLDER"], "uploads") save_path = path.join(save_path_base, filename) file.save(save_path)