From 64c5bf5b642a63ae0f5ea8e3e882ca69a82b4c91 Mon Sep 17 00:00:00 2001
From: Victor Tomaili <victor@serenity.is>
Date: Wed, 24 Jan 2024 14:51:36 +0300
Subject: [PATCH] The default date format is `yyyyMMddhhmmss` if not specified.

The exception message for not secure relative path is more clear now.
---
 src/Serenity.Net.Core/Helpers/PathHelper.cs          | 4 ++--
 src/Serenity.Net.Services/Upload/UploadFormatting.cs | 8 ++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/Serenity.Net.Core/Helpers/PathHelper.cs b/src/Serenity.Net.Core/Helpers/PathHelper.cs
index f5c17ed213..e142075ef7 100644
--- a/src/Serenity.Net.Core/Helpers/PathHelper.cs
+++ b/src/Serenity.Net.Core/Helpers/PathHelper.cs
@@ -1,4 +1,4 @@
-using System.IO;
+using System.IO;
 
 namespace Serenity;
 
@@ -47,7 +47,7 @@ public static string SecureCombine(string root, string relativePath)
             throw new ArgumentNullException(nameof(relativePath));
 
         if (relativePath.Length > 0 && !IsSecureRelativePath(relativePath))
-            throw new ArgumentOutOfRangeException(nameof(relativePath));
+            throw new ArgumentOutOfRangeException(nameof(relativePath), "Invalid characters in path!");
 
         return Path.Combine(root, relativePath);
     }
diff --git a/src/Serenity.Net.Services/Upload/UploadFormatting.cs b/src/Serenity.Net.Services/Upload/UploadFormatting.cs
index b4cc734a62..18f425a452 100644
--- a/src/Serenity.Net.Services/Upload/UploadFormatting.cs
+++ b/src/Serenity.Net.Services/Upload/UploadFormatting.cs
@@ -1,4 +1,4 @@
-using Serenity.IO;
+using Serenity.IO;
 using Path = System.IO.Path;
 
 namespace Serenity.Web;
@@ -44,7 +44,11 @@ public static string FormatFilename(FormatFilenameOptions options)
         if (string.IsNullOrEmpty(originalName))
             throw new ArgumentNullException(nameof(originalName));
 
-        var formatted = string.Format(options.Format, identity, groupKey, 
+        var formatted = options.Format;
+        if (formatted.Contains("{3}", StringComparison.OrdinalIgnoreCase))
+            formatted = formatted.Replace("{3}", "{3:yyyyMMddhhmmss}");
+
+        formatted = string.Format(formatted, identity, groupKey, 
             TemporaryFileHelper.RandomFileCode(), DateTime.Now,
             Path.GetFileNameWithoutExtension(originalName)) + Path.GetExtension(options.OriginalName);