Make static folder URL have a high-entropy random path, to avoid filename collisions with files getting shared

9 files changed, 36 insertions, 36 deletions

diff --git a/share/templates/401.html b/share/templates/401.html
index 9d3989a3..dc50f534 100644
--- a/share/templates/401.html
+++ b/share/templates/401.html
@@ -3,14 +3,14 @@
 
 <head>
   <title>OnionShare: 401 Unauthorized Access</title>
-  <link href="/static/img/favicon.ico" rel="icon" type="image/x-icon" />
-  <link rel="stylesheet" rel="subresource" type="text/css" href="/static/css/style.css" media="all">
+  <link href="{{ static_url_path }}/img/favicon.ico" rel="icon" type="image/x-icon" />
+  <link rel="stylesheet" rel="subresource" type="text/css" href="{{ static_url_path }}/css/style.css" media="all">
 </head>
 
 <body>
   <div class="info-wrapper">
     <div class="info">
-      <p><img class="logo" src="/static/img/logo_large.png" title="OnionShare"></p>
+      <p><img class="logo" src="{{ static_url_path }}/img/logo_large.png" title="OnionShare"></p>
       <p class="info-header">401 Unauthorized Access</p>
     </div>
   </div>
diff --git a/share/templates/403.html b/share/templates/403.html
index f3ea4e0e..2ebab09a 100644
--- a/share/templates/403.html
+++ b/share/templates/403.html
@@ -3,14 +3,14 @@
 
 <head>
   <title>OnionShare: 403 Forbidden</title>
-  <link href="/static/img/favicon.ico" rel="icon" type="image/x-icon" />
-  <link rel="stylesheet" rel="subresource" type="text/css" href="/static/css/style.css" media="all">
+  <link href="{{ static_url_path }}/img/favicon.ico" rel="icon" type="image/x-icon" />
+  <link rel="stylesheet" rel="subresource" type="text/css" href="{{ static_url_path }}/css/style.css" media="all">
 </head>
 
 <body>
   <div class="info-wrapper">
     <div class="info">
-      <p><img class="logo" src="/static/img/logo_large.png" title="OnionShare"></p>
+      <p><img class="logo" src="{{ static_url_path }}/img/logo_large.png" title="OnionShare"></p>
       <p class="info-header">You are not allowed to perform that action at this time.</p>
     </div>
   </div>
diff --git a/share/templates/404.html b/share/templates/404.html
index 1c5d7d2d..375c125d 100644
--- a/share/templates/404.html
+++ b/share/templates/404.html
@@ -3,14 +3,14 @@
 
 <head>
   <title>OnionShare: 404 Not Found</title>
-  <link href="/static/img/favicon.ico" rel="icon" type="image/x-icon">
-  <link rel="stylesheet" rel="subresource" type="text/css" href="/static/css/style.css" media="all">
+  <link href="{{ static_url_path }}/img/favicon.ico" rel="icon" type="image/x-icon">
+  <link rel="stylesheet" rel="subresource" type="text/css" href="{{ static_url_path }}/css/style.css" media="all">
 </head>
 
 <body>
   <div class="info-wrapper">
     <div class="info">
-      <p><img class="logo" src="/static/img/logo_large.png" title="OnionShare"></p>
+      <p><img class="logo" src="{{ static_url_path }}/img/logo_large.png" title="OnionShare"></p>
       <p class="info-header">404 Not Found</p>
     </div>
   </div>
diff --git a/share/templates/denied.html b/share/templates/denied.html
index 94fb379b..ad4d0b21 100644
--- a/share/templates/denied.html
+++ b/share/templates/denied.html
@@ -3,7 +3,7 @@
 
 <head>
   <title>OnionShare</title>
-  <link href="/static/img/favicon.ico" rel="icon" type="image/x-icon" />
+  <link href="{{ static_url_path }}/img/favicon.ico" rel="icon" type="image/x-icon" />
 </head>
 
 <body>
diff --git a/share/templates/listing.html b/share/templates/listing.html
index 8883eea9..e394f842 100644
--- a/share/templates/listing.html
+++ b/share/templates/listing.html
@@ -2,13 +2,13 @@
 <html>
  <head>
     <title>OnionShare</title>
-    <link href="/static/img/favicon.ico" rel="icon" type="image/x-icon" />
-    <link href="/static/css/style.css" rel="stylesheet" type="text/css" />
+    <link href="{{ static_url_path }}/img/favicon.ico" rel="icon" type="image/x-icon" />
+    <link href="{{ static_url_path }}/css/style.css" rel="stylesheet" type="text/css" />
   </head>
   <body>
 
     <header class="clearfix">
-      <img class="logo" src="/static/img/logo.png" title="OnionShare">
+      <img class="logo" src="{{ static_url_path }}/img/logo.png" title="OnionShare">
       <h1>OnionShare</h1>
     </header>
 
@@ -22,7 +22,7 @@
       {% for info in dirs %}
       <tr>
         <td>
-          <img width="30" height="30" title="" alt="" src="/static/img/web_folder.png" />
+          <img width="30" height="30" title="" alt="" src="{{ static_url_path }}/img/web_folder.png" />
           <a href="{{ info.basename }}">
             {{ info.basename }}
           </a>
@@ -34,7 +34,7 @@
       {% for info in files %}
       <tr>
         <td>
-          <img width="30" height="30" title="" alt="" src="/static/img/web_file.png" />
+          <img width="30" height="30" title="" alt="" src="{{ static_url_path }}/img/web_file.png" />
           <a href="{{ info.basename }}">
             {{ info.basename }}
           </a>
diff --git a/share/templates/receive.html b/share/templates/receive.html
index dd36ac72..23242501 100644
--- a/share/templates/receive.html
+++ b/share/templates/receive.html
@@ -2,13 +2,13 @@
 <html>
  <head>
     <title>OnionShare</title>
-    <link href="/static/img/favicon.ico" rel="icon" type="image/x-icon">
-    <link rel="stylesheet" rel="subresource" type="text/css" href="/static/css/style.css" media="all">
+    <link href="{{ static_url_path }}/img/favicon.ico" rel="icon" type="image/x-icon">
+    <link rel="stylesheet" rel="subresource" type="text/css" href="{{ static_url_path }}/css/style.css" media="all">
   </head>
   <body>
 
     <header class="clearfix">
-        <img class="logo" src="/static/img/logo.png" title="OnionShare">
+        <img class="logo" src="{{ static_url_path }}/img/logo.png" title="OnionShare">
         <h1>OnionShare</h1>
     </header>
 
@@ -19,14 +19,14 @@
       -->
       <div id="noscript">
         <p>
-          <img src="/static/img/warning.png" title="Warning" /><strong>Warning:</strong> Due to a bug in Tor Browser and Firefox, uploads
+          <img src="{{ static_url_path }}/img/warning.png" title="Warning" /><strong>Warning:</strong> Due to a bug in Tor Browser and Firefox, uploads
           sometimes never finish. To upload reliably, either set your Tor Browser
           <a rel="noreferrer" target="_blank" href="https://tb-manual.torproject.org/en-US/security-slider/">security slider</a>
           to Standard or
           <a target="_blank" href="/noscript-xss-instructions">turn off your Tor Browser's NoScript XSS setting</a>.</p>
       </div>
 
-      <p><img class="logo" src="/static/img/logo_large.png" title="OnionShare"></p>
+      <p><img class="logo" src="{{ static_url_path }}/img/logo_large.png" title="OnionShare"></p>
 
       <p class="upload-header">Send Files</p>
       <p class="upload-description">Select the files you want to send, then click "Send Files"...</p>
@@ -51,8 +51,8 @@
       </form>
 
     </div>
-    <script src="/static/js/receive-noscript.js"></script>
-    <script src="/static/js/jquery-3.4.0.min.js"></script>
-    <script async src="/static/js/receive.js"></script>
+    <script src="{{ static_url_path }}/js/receive-noscript.js"></script>
+    <script src="{{ static_url_path }}/js/jquery-3.4.0.min.js"></script>
+    <script async src="{{ static_url_path }}/js/receive.js"></script>
   </body>
 </html>
diff --git a/share/templates/receive_noscript_xss.html b/share/templates/receive_noscript_xss.html
index bce78524..84d35ba1 100644
--- a/share/templates/receive_noscript_xss.html
+++ b/share/templates/receive_noscript_xss.html
@@ -2,13 +2,13 @@
 <html>
  <head>
     <title>OnionShare</title>
-    <link href="/static/img/favicon.ico" rel="icon" type="image/x-icon">
-    <link rel="stylesheet" rel="subresource" type="text/css" href="/static/css/style.css" media="all">
+    <link href="{{ static_url_path }}/img/favicon.ico" rel="icon" type="image/x-icon">
+    <link rel="stylesheet" rel="subresource" type="text/css" href="{{ static_url_path }}/css/style.css" media="all">
   </head>
   <body>
 
     <header class="clearfix">
-        <img class="logo" src="/static/img/logo.png" title="OnionShare">
+        <img class="logo" src="{{ static_url_path }}/img/logo.png" title="OnionShare">
         <h1>OnionShare</h1>
     </header>
 
diff --git a/share/templates/send.html b/share/templates/send.html
index 7be9e100..e0076c0f 100644
--- a/share/templates/send.html
+++ b/share/templates/send.html
@@ -3,8 +3,8 @@
 
 <head>
   <title>OnionShare</title>
-  <link href="/static/img/favicon.ico" rel="icon" type="image/x-icon">
-  <link rel="stylesheet" rel="subresource" type="text/css" href="/static/css/style.css" media="all">
+  <link href="{{ static_url_path }}/img/favicon.ico" rel="icon" type="image/x-icon">
+  <link rel="stylesheet" rel="subresource" type="text/css" href="{{ static_url_path }}/css/style.css" media="all">
   <meta name="onionshare-filename" content="{{ filename }}">
   <meta name="onionshare-filesize" content="{{ filesize }}">
 </head>
@@ -18,7 +18,7 @@
         <li><a class="button" href='/download'>Download Files</a></li>
       </ul>
     </div>
-    <img class="logo" src="/static/img/logo.png" title="OnionShare">
+    <img class="logo" src="{{ static_url_path }}/img/logo.png" title="OnionShare">
     <h1>OnionShare</h1>
   </header>
 
@@ -31,7 +31,7 @@
     {% for info in file_info.dirs %}
     <tr>
       <td>
-        <img width="30" height="30" title="" alt="" src="/static/img/web_folder.png" />
+        <img width="30" height="30" title="" alt="" src="{{ static_url_path }}/img/web_folder.png" />
         {{ info.basename }}
       </td>
       <td>{{ info.size_human }}</td>
@@ -41,7 +41,7 @@
     {% for info in file_info.files %}
     <tr>
       <td>
-        <img width="30" height="30" title="" alt="" src="/static/img/web_file.png" />
+        <img width="30" height="30" title="" alt="" src="{{ static_url_path }}/img/web_file.png" />
         {{ info.basename }}
       </td>
       <td>{{ info.size_human }}</td>
@@ -49,7 +49,7 @@
     </tr>
     {% endfor %}
   </table>
-  <script async src="/static/js/send.js" charset="utf-8"></script>
+  <script async src="{{ static_url_path }}/js/send.js" charset="utf-8"></script>
 </body>
 
 </html>
diff --git a/share/templates/thankyou.html b/share/templates/thankyou.html
index c4b39cde..b7e2b97c 100644
--- a/share/templates/thankyou.html
+++ b/share/templates/thankyou.html
@@ -3,19 +3,19 @@
 
 <head>
   <title>OnionShare is closed</title>
-  <link href="/static/img/favicon.ico" rel="icon" type="image/x-icon">
-  <link rel="stylesheet" rel="subresource" type="text/css" href="/static/css/style.css" media="all">
+  <link href="{{ static_url_path }}/img/favicon.ico" rel="icon" type="image/x-icon">
+  <link rel="stylesheet" rel="subresource" type="text/css" href="{{ static_url_path }}/css/style.css" media="all">
 </head>
 
 <body>
   <header class="clearfix">
-    <img class="logo" src="/static/img/logo.png" title="OnionShare">
+    <img class="logo" src="{{ static_url_path }}/img/logo.png" title="OnionShare">
     <h1>OnionShare</h1>
   </header>
 
   <div class="info-wrapper">
     <div class="info">
-      <p><img class="logo" src="/static/img/logo_large.png" title="OnionShare"></p>
+      <p><img class="logo" src="{{ static_url_path }}/img/logo_large.png" title="OnionShare"></p>
       <p class="info-header">Thank you for using OnionShare</p>
       <p class="info-description">You may now close this window.</p>
     </div>