diff --git a/bashbot.sh b/bashbot.sh
index 98dcda2..4b28dd2 100755
--- a/bashbot.sh
+++ b/bashbot.sh
@@ -30,7 +30,7 @@ BOTCOMMANDS="-h help init start stop status suspendback resumeback killb
 # 8 - curl/wget missing
 # 10 - not bash!
 #
-#### $$VERSION$$ v1.45-dev-15-gd3a1cec
+#### $$VERSION$$ v1.45-dev-24-g785e769
 ##################################################################
 # are we running in a terminal?
@@ -509,6 +509,36 @@ sendJson(){
 [ -n "${BASHBOT_EVENT_SEND[*]}" ] && event_send "send" "${@}" &
 }
+UPLOADDIR="${BASHBOT_UPLOAD:-${DATADIR}/upload}"
+
+# $1 chat $2 file, $3 calling function
+# return final file name or empty string on error
+checkUploadFile() {
+ local err file="$2"
+ [[ "${file}" = *'..'* || "${file}" = '.'* ]] && err=1 # no directory traversal
+ if [[ "${file}" = '/'* ]] ; then
+ [[ ! "${file}" =~ ${FILE_REGEX} ]] && err=2 # absolute must match REGEX
+ else
+ file="${UPLOADDIR:-NOUPLOADDIR}/${file}" # others must be in UPLOADDIR
+ fi
+ [ ! -r "${file}" ] && err=3 # and file must exits of course
+ # file path error, generate error response
+ if [ -n "${err}" ]; then
+ BOTSENT=(); BOTSENT[OK]="false"
+ case "${err}" in
+ 1) BOTSENT[ERROR]="Path to file $2 contains to much '../' or starts with '.'";;
+ 2) BOTSENT[ERROR]="Path to file $2 does not match regex: ${FILE_REGEX} ";;
+ 3) if [[ "$2" == "/"* ]];then
+ BOTSENT[ERROR]="File not found: $2"
+ else
+ BOTSENT[ERROR]="File not found: ${UPLOADDIR}/$2"
+ fi;;
+ esac
+ [ -n "${BASHBOTDEBUG}" ] && log_debug "$3: CHAT=$1 FILE=$2 MSG=${BOTSENT[DESCRIPTION]}"
+ return 1
+ fi
+}
+
 #
 # curl / wget specific functions
diff --git a/modules/chatMember.sh b/modules/chatMember.sh
index c21a331..dc2358a 100644
--- a/modules/chatMember.sh
+++ b/modules/chatMember.sh
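Review bot: `checkUploadFile` never writes the resolved path to stdout on the success path, although its header comment says it returns the final file name and both callers in this commit (`set_chat_photo` in modules/chatMember.sh, `send_file` in modules/sendMessage.sh) read it through `$(...)` and return 1 on an empty string. As written the function simply ends after the `if [ -n "${err}" ]` block, so a valid file is rejected just like an invalid one; add `printf '%s\n' "${file}"` as the last statement before the closing `}`. Separately, the debug line logs `${BOTSENT[DESCRIPTION]}` while the message was stored in `BOTSENT[ERROR]`, so MSG is presumably always empty and `MSG=${BOTSENT[ERROR]}` looks like what was meant. The whole function is visible in this hunk.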
@@ -5,7 +5,7 @@
 # This file is public domain in the USA and all free countries.
 # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying)
 #
-#### $$VERSION$$ v1.45-dev-23-g805a74e
+#### $$VERSION$$ v1.45-dev-24-g785e769
 # will be automatically sourced from bashbot
@@ -32,30 +32,8 @@ set_chat_description() {
 # $1 chat $2 file
 set_chat_photo() {
- local file=$2
-#XXX factor out to checkFileLocation ??
- [[ "${file}" = *'..'* || "${file}" = '.'* ]] && err=1 # no directory traversal
- if [[ "${file}" = '/'* ]] ; then
- [[ ! "${file}" =~ ${FILE_REGEX} ]] && err=2 # absolute must match REGEX
- else
- file="${UPLOADDIR:-NOUPLOADDIR}/${file}" # others must be in UPLOADDIR
- fi
- [ ! -r "${file}" ] && err=3 # and file must exits of course
- # file path error, generate error response
- if [ -n "${err}" ]; then
- BOTSENT=(); BOTSENT[OK]="false"
- case "${err}" in
- 1) BOTSENT[ERROR]="Path to file $2 contains to much '../' or starts with '.'";;
- 2) BOTSENT[ERROR]="Path to file $2 does not match regex: ${FILE_REGEX} ";;
- 3) if [[ "$2" == "/"* ]];then
- BOTSENT[ERROR]="File not found: $2"
- else
- BOTSENT[ERROR]="File not found: ${UPLOADDIR}/$2"
- fi;;
- esac
- [ -n "${BASHBOTDEBUG}" ] && log_debug "set_chat_photo: CHAT=$1 FILE=$2 MSG=${BOTSENT[DESCRIPTION]}"
- return
- fi
+ local file; file="$(checkUploadFile "$1" "$2" "set_chat_photo")"
+ [ -z "${file}" ] && return 1
 sendUpload "$1" "photo" "${file}" "${URL}/setChatPhoto"
 }
 # $1 chat
diff --git a/modules/sendMessage.sh b/modules/sendMessage.sh
index bf6a78e..246ecb4 100644
--- a/modules/sendMessage.sh
+++ b/modules/sendMessage.sh
@@ -6,7 +6,7 @@
 # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying)
 #
 # shellcheck disable=SC1117
-#### $$VERSION$$ v1.45-dev-23-g805a74e
+#### $$VERSION$$ v1.45-dev-24-g785e769
 # will be automatically sourced from bashbot
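Review bot: Calling `checkUploadFile` inside `$( … )` in `set_chat_photo` runs it in a subshell, so the `BOTSENT=()`, `BOTSENT[OK]="false"` and `BOTSENT[ERROR]=…` assignments it makes for a rejected path are discarded when the substitution ends, whereas the removed inline code set them in the calling shell. The caller now returns 1, but anything that inspects `BOTSENT` afterwards sees whatever an earlier call left there. The same pattern is used in `send_file` in the last hunk of modules/sendMessage.sh. One way to keep the error report is to call the helper directly, `checkUploadFile "$1" "$2" "set_chat_photo" || return 1`, and have it hand the path back in a variable rather than on stdout; a short comment at the call stating who owns `BOTSENT` would help either way.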
@@ -262,12 +262,10 @@ else
 }
 fi
-UPLOADDIR="${BASHBOT_UPLOAD:-${DATADIR}/upload}"
-
 # supports local file, URL and file_id
 # $1 chat, $2 file https::// file_id:// , $3 caption, $4 extension (optional)
 send_file(){
- local url what num stat err media capt file="$2" ext="$4"
+ local url what num stat media capt file="$2" ext="$4"
 capt="$(JsonEscape "$3")"
 if [[ "${file}" =~ ^https*:// ]]; then
 media="URL"
@@ -277,29 +275,8 @@ send_file(){
 else
 # we have a file, check file location ...
 media="FILE"
-#XXX factor out to checkFileLocation ??
- [[ "${file}" = *'..'* || "${file}" = '.'* ]] && err=1 # no directory traversal
- if [[ "${file}" = '/'* ]] ; then
- [[ ! "${file}" =~ ${FILE_REGEX} ]] && err=2 # absolute must match REGEX
- else
- file="${UPLOADDIR:-NOUPLOADDIR}/${file}" # others must be in UPLOADDIR
- fi
- [ ! -r "${file}" ] && err=3 # and file must exits of course
- # file path error, generate error response
- if [ -n "${err}" ]; then
- BOTSENT=(); BOTSENT[OK]="false"
- case "${err}" in
- 1) BOTSENT[ERROR]="Path to file $2 contains to much '../' or starts with '.'";;
- 2) BOTSENT[ERROR]="Path to file $2 does not match regex: ${FILE_REGEX} ";;
- 3) if [[ "$2" == "/"* ]];then
- BOTSENT[ERROR]="File not found: $2"
- else
- BOTSENT[ERROR]="File not found: ${UPLOADDIR}/$2"
- fi;;
- esac
- [ -n "${BASHBOTDEBUG}" ] && log_debug "upload_file: CHAT=$1 FILE=$2 MSG=${BOTSENT[DESCRIPTION]}"
- return
- fi
+ file="$(checkUploadFile "$1" "$2" "send_file")"
+ [ -z "${file}" ] && return 1
 # file OK, let's continue
 fi
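Review bot: `send_file` now relies entirely on the string tests in `checkUploadFile` (bashbot.sh) before the path reaches the upload code below this hunk, and those tests do not resolve symlinks: a link sitting inside `UPLOADDIR` passes the `..` / leading-dot check, and `-r` follows it to a target outside the directory. For relative names, canonicalising before the comparison would close that gap where `realpath` is available, e.g. `[[ "$(realpath -- "${file}")" == "$(realpath -- "${UPLOADDIR}")/"* ]] || err=1`. For absolute names the only gate is `=~ ${FILE_REGEX}`, which is defined outside this diff; if it can be empty or is unanchored, the match presumably accepts far more paths than intended, so the helper should check that it is set and document that it must start with `^`. `send_file` begins and ends outside the hunk.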