From 895d05994257a5e0d45166aa9a9b0da04c582bfe Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Mon, 7 Oct 2019 00:10:11 -0700
Subject: [PATCH] scrub file path
---
 app/site_files.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/app/site_files.rb b/app/site_files.rb
index 25286887..c65abc2d 100644
--- app/site_files.rb
+++ app/site_files.rb
@@ -125,13 +125,12 @@ post '/site_files/upload' do
 unless params[:file_paths].nil? || params[:file_paths].empty? || params[:file_paths].length == 0
 file_path = params[:file_paths][i]
-
 unless file_path.nil?
 dir_name += '/' + Pathname(file_path).dirname.to_s
 end
 end
- file[:filename] = "#{dir_name}/#{file[:filename]}"
+ file[:filename] = "#{dir_name}/#{site.scrubbed_path file[:filename]}"
 if current_site.file_size_too_large? file[:tempfile].size
 file_upload_response "#{file[:filename]} is too large, upload cancelled."
 end
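Review bot: Only the upload's own filename is scrubbed on the new line; `dir_name` is still extended with `Pathname(file_path).dirname.to_s` taken directly from the client-supplied `params[:file_paths][i]`, so `..` segments in that parameter still reach `file[:filename]` unless something outside this hunk cleans them. Scrubbing the joined path would cover both parts, e.g. `file[:filename] = current_site.scrubbed_path "#{dir_name}/#{file[:filename]}"`, assuming `scrubbed_path` accepts a multi-segment path. The new line also calls `site.scrubbed_path` while the very next line uses `current_site`; `site` is not defined anywhere in the hunk, so confirm it exists in this route or switch to `current_site`. The route body starts and ends outside the hunk, so any earlier handling of `dir_name` is not visible here.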