From f7aaeaa1cf69932a5ba01ec967f78eeee0004a25 Mon Sep 17 00:00:00 2001
From: neingeist
Date: Mon, 12 Nov 2018 19:42:01 +0100
Subject: [PATCH] make checking for illegal filenames explicit
---
 prolefeeder.py | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/prolefeeder.py b/prolefeeder.py
index a6a6d7b..acc653c 100644
--- a/prolefeeder.py
+++ b/prolefeeder.py
@@ -55,12 +55,9 @@ def download():
 def download_file(filename):
 """Download an output file"""
- # Get attachment filename. This also makes sure that the user only downloads
- # (and removes) a file generated by us.
- try:
- attachment_filename = attachment_filenames.pop(filename)
- except KeyError:
+ if filename not in attachment_filenames:
 abort(404)
+ attachment_filename = attachment_filenames.pop(filename)
 fh = open(os.path.join(app.config['TMP_DIR'], filename), 'rb')
 os.remove(os.path.join(app.config['TMP_DIR'], filename))
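Review bot: The `in` test followed by a separate `pop` in `download_file` is a check-then-act sequence. If the app is served with threads, two requests for the same filename can both pass the check, and the second `pop` then raises an unhandled KeyError, giving a 500 where the old try/except gave a 404. A single lookup stays explicit and closes the gap: `attachment_filename = attachment_filenames.pop(filename, None)` followed by `if attachment_filename is None: abort(404)`. The removed comment was also the only place stating that this lookup is what limits the presumably request-supplied `filename` reaching `os.path.join` and `os.remove` to files the application generated, so I would keep a line such as `# Only filenames we registered may be downloaded and removed; anything else is a 404.` above the check. The body of `download_file` continues past the end of the hunk.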