2 files changed, 3 insertions, 2 deletions

diff --git a/src/config.rs b/src/config.rs
index 4f794d1..1331e7d 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -16,6 +16,7 @@ use rustls_pemfile as pemfile;
 use crate::{
     args::{CliArgs, MediaType},
     auth::RequiredAuth,
+    file_upload::sanitize_path
 };
 
 /// Possible characters for random routes
@@ -251,7 +252,7 @@ impl MiniserveConfig {
             show_qrcode: args.qrcode,
             mkdir_enabled: args.mkdir_enabled,
             file_upload: !args.allowed_upload_dir.is_none(),
-            allowed_upload_dir: args.allowed_upload_dir.unwrap_or(vec![]),
+            allowed_upload_dir: args.allowed_upload_dir.unwrap_or(vec![]).iter().map(|x| sanitize_path(x, false).unwrap()).collect(),
             uploadable_media_type,
             tar_enabled: args.enable_tar,
             tar_gz_enabled: args.enable_tar_gz,
diff --git a/src/file_upload.rs b/src/file_upload.rs
index c6e7ac6..4d4f225 100644
--- a/src/file_upload.rs
+++ b/src/file_upload.rs
@@ -218,7 +218,7 @@ pub async fn upload_file(
 /// and optionally prevent traversing hidden directories.
 ///
 /// See the unit tests tests::test_sanitize_path* for examples
-fn sanitize_path(path: &Path, traverse_hidden: bool) -> Option<PathBuf> {
+pub fn sanitize_path(path: &Path, traverse_hidden: bool) -> Option<PathBuf> {
     let mut buf = PathBuf::new();
 
     for comp in path.components() {