From 3344c02c8024bac92a2f4788ca8b35902366a57a Mon Sep 17 00:00:00 2001
From: Raphael Michel <mail@raphaelmichel.de>
Date: Tue, 1 Nov 2016 19:36:06 +0100
Subject: [PATCH] Do not show absolute file paths to user

---
 src/pretix/control/forms/__init__.py | 16 ++++++++++++++++
 src/pretix/presale/context.py        |  1 +
 2 files changed, 17 insertions(+)

diff --git a/src/pretix/control/forms/__init__.py b/src/pretix/control/forms/__init__.py
index 9b40e3a5fa..3952dedfe5 100644
--- a/src/pretix/control/forms/__init__.py
+++ b/src/pretix/control/forms/__init__.py
@@ -1,6 +1,7 @@
 import os
 
 from django import forms
+from django.utils.html import conditional_escape
 from django.utils.translation import ugettext_lazy as _
 
 from ...base.forms import I18nModelForm
@@ -57,7 +58,22 @@ def selector(values, prop):
     ]
 
 
+class ClearableBasenameFileInput(forms.ClearableFileInput):
+
+    def get_template_substitution_values(self, value):
+        """
+        Return value-related substitutions.
+        """
+        bname = os.path.basename(value.name)
+        return {
+            'initial': conditional_escape(bname),
+            'initial_url': conditional_escape(value.url),
+        }
+
+
 class ExtFileField(forms.FileField):
+    widget = ClearableBasenameFileInput
+
     def __init__(self, *args, **kwargs):
         ext_whitelist = kwargs.pop("ext_whitelist")
         self.ext_whitelist = [i.lower() for i in ext_whitelist]
diff --git a/src/pretix/presale/context.py b/src/pretix/presale/context.py
index 609db7b2a5..519aa7a87f 100644
--- a/src/pretix/presale/context.py
+++ b/src/pretix/presale/context.py
@@ -3,6 +3,7 @@ from django.core.files.storage import default_storage
 
 from pretix.base.i18n import LazyI18nString
 from pretix.base.settings import GlobalSettingsObject
+
 from .signals import footer_link, html_head