fixed recursive folders and security issues with send_from_directory

verse/distribusiworkflow.py

@@ -86,7 +86,7 @@ def GetCssFile(distribusi):
 
 def RunDistribusi(userfolder, cssfile):
     parser = build_argparser()
-    args = parser.parse_args(["-s", cssfile])
+    args = parser.parse_args(["--menu-with-index", "-s", cssfile])
     distribusify(args, userfolder)
 
 

verse/start.py

@@ -5,7 +5,7 @@ from flask import (
     redirect,
     url_for,
     session,
-    send_from_directory,
+    Blueprint,
 )
 from flask_login import (
     logout_user,
@@ -34,6 +34,8 @@ from statuspengguna.registeruser import RegisterUser
 from distribusisinfo import DistribusisInfo
 
 APP = create_app()
+stash_page = Blueprint("stash_page", __name__, static_folder="stash")
+APP.register_blueprint(stash_page)
 
 
 @APP.before_request
@@ -105,9 +107,9 @@ def selector():
     return DistribusiSelector()
 
 
-@APP.route("/stash/<path:path>")
-def distribusistash(path):
-    return send_from_directory("stash", path)
+@APP.route("/stash")
+def shortstashurl():
+    return redirect(url_for("index"))
 
 
 @APP.route("/admin", methods=["GET", "POST"])