CIzz22
/
rbd-app
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: remove command substitution patterns from filenames during sanitization.

Browse Source
main
Cizz22 3 weeks ago
parent e748769012
commit 42a289ffcb
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File

5
src/utils.py
Unescape Escape View File

@ -164,7 +164,10 @@ def sanitize_filename(filename: str) -> str:
# Remove consecutive dots to prevent directory traversal attempts like '..' # Remove consecutive dots to prevent directory traversal attempts like '..'
filename = re.sub(r'\.{2,}', '.', filename) filename = re.sub(r'\.{2,}', '.', filename)
# remove potential $(
filename = re.sub(r'\$\([\s\S]*?\)', '', filename)
# Ensure filename is not practically empty after sanitization # Ensure filename is not practically empty after sanitization
if not filename.strip() or filename.strip().replace('.', '') == '': if not filename.strip() or filename.strip().replace('.', '') == '':
raise ValueError("Filename invalid after sanitization") raise ValueError("Filename invalid after sanitization")

Write Preview
Loading…
Cancel
Save