diff --git a/mobsf/MobSF/init.py b/mobsf/MobSF/init.py
index 812a34818..b07aa2b95 100644
--- a/mobsf/MobSF/init.py
+++ b/mobsf/MobSF/init.py
@@ -18,7 +18,7 @@
 logger = logging.getLogger(__name__)
-VERSION = '4.2.8'
+VERSION = '4.2.9'
 BANNER = r"""
 __ __ _ ____ _____ _ _ ____ | \/ | ___ | |__/ ___|| ___|_ _| || | |___ \
diff --git a/mobsf/MobSF/views/home.py b/mobsf/MobSF/views/home.py
index 7760e60b1..68614d15f 100755
--- a/mobsf/MobSF/views/home.py
+++ b/mobsf/MobSF/views/home.py
@@ -163,7 +163,7 @@ def upload(self):
 request = self.request
 scanning = Scanning(request)
 content_type = self.file.content_type
- file_name = self.file.name
+ file_name = sanitize_filename(self.file.name)
 logger.info('MIME Type: %s FILE: %s', content_type, file_name)
 if self.file_type.is_apk():
 return scanning.scan_apk()
diff --git a/mobsf/MobSF/views/scanning.py b/mobsf/MobSF/views/scanning.py
index 68ed6a5b3..ccf113352 100644
--- a/mobsf/MobSF/views/scanning.py
+++ b/mobsf/MobSF/views/scanning.py
@@ -8,6 +8,7 @@
 from django.utils import timezone
 from mobsf.StaticAnalyzer.models import RecentScansDB
+from mobsf.MobSF.security import sanitize_filename
 logger = logging.getLogger(__name__)
@@ -62,7 +63,8 @@ class Scanning(object):
 def __init__(self, request):
 self.file = request.FILES['file']
- self.file_name = request.FILES['file'].name
+ self.file_name = sanitize_filename(
+ request.FILES['file'].name)
 self.data = {
 'analyzer': 'static_analyzer',
 'status': 'success',
diff --git a/mobsf/templates/general/recent.html b/mobsf/templates/general/recent.html
index 9c5e1fa17..15396b1d4 100644
--- a/mobsf/templates/general/recent.html
+++ b/mobsf/templates/general/recent.html
@@ -184,6 +184,18 @@
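Review bot: `sanitize_filename` is now called in `upload` on the changed line, but this diff adds no import of it to home.py (the scanning.py hunk does add one for that file); if the name is not already imported higher in home.py, the first upload fails with a NameError — worth confirming before merge. The `Scanning(request)` constructed on the line above already sanitizes the same upload name into its `file_name` attribute, so `upload` could log `scanning.file_name` rather than sanitizing a second time, keeping a single source of truth for the cleaned name. Note that `self.file.name` itself is left untouched by this change, so any later use of it is still the raw client-supplied value; the rest of `upload` lies outside the hunk.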
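Review bot: The new import is placed after `from mobsf.StaticAnalyzer.models import RecentScansDB`, so within the visible lines the `mobsf.` import group is no longer alphabetical (`mobsf.MobSF` sorts before `mobsf.StaticAnalyzer`); moving `from mobsf.MobSF.security import sanitize_filename` above the `RecentScansDB` line keeps the group sorted. Whether other project imports sit between these lines is not visible in the hunk.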
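Review bot: Only `self.file_name` receives the sanitized value; `self.file` on the line above is still the raw upload object, so `self.file.name` continues to carry the client-supplied name and any method that reads it instead of `self.file_name` bypasses the sanitization — a comment at the assignment would make that contract explicit: `# self.file.name is the raw client-supplied name; build paths from self.file_name only`. The same upload name is also run through `sanitize_filename` separately in home.py's `upload`, so sanitizing once here and having callers read `self.file_name` would be less error-prone than two parallel calls. `__init__` continues past the hunk with the `self.data` dictionary, and any docstring it has is outside the hunk.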