Skip to content

Commit

Permalink
BUG/MINOR: do not allow '#' in uploaded filenames
Browse files Browse the repository at this point in the history 
For 2 reasons:

- it can break HAProx's config syntax
- it is not allowed by ALOHA
  • Loading branch information
@oliwer @oktalz
oliwer authored and oktalz committed Aug 29, 2023
1 parent c863440 commit 9d178d8
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 8 deletions.
2 changes: 1 addition & 1 deletion misc/stringutil.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -255,7 +255,7 @@ func SanitizeFilename(name string) string {
}
// leave all alphanumeric and 3 additional ones
// # _ -
reg := regexp.MustCompile(`[^a-zA-Z0-9#_\\-]+`)
reg := regexp.MustCompile(`[^a-zA-Z0-9_\\-]+`)
name = reg.ReplaceAllString(name, "_")

if ext != "" {
Expand Down
9 changes: 2 additions & 7 deletions misc/stringutil_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,15 +23,10 @@ func TestSanitizeFilename(t *testing.T) {
input string
want string
}{
{
name: "Should preserve # and . in input",
input: "#4_abc.#",
want: "#4_abc.#",
},
{
name: "Should convert leading dots",
input: ".....file.map!!@#",
want: "_file.map_#",
want: "_file.map_",
},
{
name: "Should convert hidden files",
Expand All @@ -46,7 +41,7 @@ func TestSanitizeFilename(t *testing.T) {
{
name: "Should sanitize input correctly",
input: "#1_?a;b/c!&?",
want: "#1__a_b_c_",
want: "_1__a_b_c_",
},
{
name: "Should return same input when name doesn't contain regex characters",
Expand Down

0 comments on commit 9d178d8

Please sign in to comment.