Provide only the file name, not full path.

There are 2 reasons to provide only the filename and not the full
path:
* Security: We do not want to inadvertently expose the paths to the
  outside world, or allow users to enter file system paths for this
  system.
* The code does not assume a complete path, rather, it builds the path
  to the upload directory using the filename received from the user.

2 files changed, 2 insertions, 2 deletions

diff --git a/qc_app/templates/rqtl2/rqtl2-qc-job-results.html b/qc_app/templates/rqtl2/rqtl2-qc-job-results.html
index cfa2a9c..52a230a 100644
--- a/qc_app/templates/rqtl2/rqtl2-qc-job-results.html
+++ b/qc_app/templates/rqtl2/rqtl2-qc-job-results.html
@@ -55,7 +55,7 @@
     <span class="form-col-2">{{rqtl2bundleorig}}</span>
 
     <span class="form-col-1">Internal Name</span>
-    <span class="form-col-2">{{rqtl2bundle.name[0:25]}}&hellip;</span>
+    <span class="form-col-2">{{rqtl2bundle[0:25]}}&hellip;</span>
   </fieldset>
 
   <fieldset>
diff --git a/qc_app/upload/rqtl2.py b/qc_app/upload/rqtl2.py
index 48cb1d2..6a8ab72 100644
--- a/qc_app/upload/rqtl2.py
+++ b/qc_app/upload/rqtl2.py
@@ -225,7 +225,7 @@ def rqtl2_bundle_qc_status(jobid: UUID):
                     species=species,
                     population=population_by_species_and_id(
                         dbconn, species["SpeciesId"], jobmeta["populationid"]),
-                    rqtl2bundle=Path(jobmeta["rqtl2-bundle-file"]),
+                    rqtl2bundle=Path(jobmeta["rqtl2-bundle-file"]).name,
                     rqtl2bundleorig=jobmeta["original-filename"])
 
             def compute_percentage(thejob, filetype) -> Union[str, None]: