From 2c34e0d498e36567b24433183ef80f2e41936f26 Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon
Date: Mar 19 2015 10:33:40 +0000
Subject: Let's be safe and secure the filename a little, thanks werkzeug!
---
diff --git a/progit/lib/git.py b/progit/lib/git.py
index 978bbf3..f7328e7 100644
--- a/progit/lib/git.py
+++ b/progit/lib/git.py
@@ -21,6 +21,7 @@ import time
 import uuid
 import pygit2
+import werkzeug
 import progit
 import progit.exceptions
@@ -319,7 +320,7 @@ def add_file_to_git(repo, issue, ticketfolder, user, filename, filestream):
     # Prefix the filename with a timestamp:
     filename = '%s-%s' % (
         hashlib.sha256(filestream.read()).hexdigest(),
-        werkzeug.secure_filename(filename)
     )
     # Get the fork
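Review bot: `werkzeug.secure_filename` is documented to return an empty string when nothing in the input survives its filter (a name such as `..` or `.` collapses to nothing), so the added line can produce a file named `<sha256>-` with neither the original name nor an extension; guard it before the format, e.g. `safe_name = werkzeug.secure_filename(filename) or 'attachment'` and use `safe_name` in the `'%s-%s'` tuple. The sanitised result is also what callers and the ticket folder listing will see, so it is worth a comment on the line above stating that the stored name is derived, not the user-supplied one. The attribute access `werkzeug.secure_filename` depends on the package's lazy top-level exports; `from werkzeug.utils import secure_filename` is the documented import path and does not rely on that. The body of `add_file_to_git` starts and continues outside the hunk.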