hide base_directory, ease use CLI tools

updog/__main__.py

@@ -110,6 +110,8 @@ def main():
             except PermissionError:
                 abort(403, 'Read Permission Denied: ' + requested_path)
 
+            # remove the base_directory
+            requested_path = requested_path[len(base_directory):]
             return render_template('home.html', files=directory_files, back=back,
                                    directory=requested_path, is_subdirectory=is_subdirectory, version=VERSION)
         else:
@@ -121,22 +123,24 @@ def main():
     @app.route('/upload', methods=['POST'])
     @auth.login_required
     def upload():
+        global base_directory
+
         if request.method == 'POST':
 
             # No file part - needs to check before accessing the files['file']
             if 'file' not in request.files:
-                return redirect(request.referrer)
+                return redirect(request.headers.get('Referer', '/'))
 
-            path = request.form['path']
+            path = base_directory + request.form.get('path', '/')
             # Prevent file upload to paths outside of base directory
             if not is_valid_upload_path(path, base_directory):
-                return redirect(request.referrer)
+                return redirect(request.headers.get('Referer', '/'))
 
             for file in request.files.getlist('file'):
 
                 # No filename attached
                 if file.filename == '':
-                    return redirect(request.referrer)
+                    return redirect(request.headers.get('Referer', '/'))
 
                 # Assuming all is good, process and save out the file
                 # TODO:
@@ -149,7 +153,7 @@ def main():
                     except PermissionError:
                         abort(403, 'Write Permission Denied: ' + full_path)
 
-            return redirect(request.referrer)
+            return redirect(request.headers.get('Referer', '/'))
 
     # Password functionality is without username
     users = {