fix: Sanitize uploaded file names. #1765

author: MohamedBassem <me@mbassem.com> 2025-08-22 21:36:44 +0300
committer: MohamedBassem <me@mbassem.com> 2025-08-22 21:36:44 +0300
commit: 39a650f63484fd8bc982311622c91ad03109547a (patch)
tree: cf16a889dcd893d8cf07274f0db0756d28153f02 /packages/api
parent: 3ed8af56da7a8e8673eb78829247c552c8801823 (diff)
download: karakeep-39a650f63484fd8bc982311622c91ad03109547a.tar.zst
1 files changed, 2 insertions, 1 deletions
diff --git a/packages/api/utils/upload.ts b/packages/api/utils/upload.ts
index 7e322c76..970323fd 100644
--- a/packages/api/utils/upload.ts
+++ b/packages/api/utils/upload.ts
@@ -62,7 +62,8 @@ export async function uploadAsset(
   }
 
   const contentType = data.type;
-  const fileName = data.name;
+  // Replace all non-ascii characters with underscores
+  const fileName = data.name.replace(/[^\x20-\x7E]/g, "_");
   if (!SUPPORTED_UPLOAD_ASSET_TYPES.has(contentType)) {
     return { error: "Unsupported asset type", status: 400 };
   }
author	MohamedBassem <me@mbassem.com>	2025-08-22 21:36:44 +0300
committer	MohamedBassem <me@mbassem.com>	2025-08-22 21:36:44 +0300
commit	39a650f63484fd8bc982311622c91ad03109547a (patch)
tree	cf16a889dcd893d8cf07274f0db0756d28153f02 /packages/api
parent	3ed8af56da7a8e8673eb78829247c552c8801823 (diff)
download	karakeep-39a650f63484fd8bc982311622c91ad03109547a.tar.zst