From 783b482a0a894104219bc75a78ae053e025996d4 Mon Sep 17 00:00:00 2001
From: lza_menace <lza_menace@protonmail.com>
Date: Wed, 23 Sep 2020 21:55:00 -0700
Subject: [PATCH] add randomization to filenames so users cannot overwrite each
 other's images

---
 suchwow/routes/post.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/suchwow/routes/post.py b/suchwow/routes/post.py
index 5b14a43..1c62af6 100644
--- a/suchwow/routes/post.py
+++ b/suchwow/routes/post.py
@@ -2,6 +2,7 @@ from os import path
 from flask import render_template, Blueprint, request, session, flash
 from flask import send_from_directory, redirect, url_for, current_app
 from werkzeug.utils import secure_filename
+from secrets import token_urlsafe
 from suchwow import wownero
 from suchwow.models import Post, Comment
 from suchwow.utils.decorators import login_required, profile_required
@@ -67,7 +68,10 @@ def create():
             flash("You didn't give your meme a spicy title, bro! You're fuckin up!")
             return redirect(request.url)
         if file and allowed_file(file.filename):
-            filename = secure_filename(file.filename)
+            filename =  "{}-{}".format(
+                token_urlsafe(12),
+                secure_filename(file.filename)
+            )
             save_path_base = path.join(current_app.config["DATA_FOLDER"], "uploads")
             save_path = path.join(save_path_base, filename)
             file.save(save_path)