From 39a650f63484fd8bc982311622c91ad03109547a Mon Sep 17 00:00:00 2001
From: MohamedBassem <me@mbassem.com>
Date: Fri, 22 Aug 2025 21:36:44 +0300
Subject: fix: Sanitize uploaded file names. #1765

---
 packages/api/utils/upload.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'packages/api')

diff --git a/packages/api/utils/upload.ts b/packages/api/utils/upload.ts
index 7e322c76..970323fd 100644
--- a/packages/api/utils/upload.ts
+++ b/packages/api/utils/upload.ts
@@ -62,7 +62,8 @@ export async function uploadAsset(
   }
 
   const contentType = data.type;
-  const fileName = data.name;
+  // Replace all non-ascii characters with underscores
+  const fileName = data.name.replace(/[^\x20-\x7E]/g, "_");
   if (!SUPPORTED_UPLOAD_ASSET_TYPES.has(contentType)) {
     return { error: "Unsupported asset type", status: 400 };
   }
-- 
cgit v1.2.3-70-g09d2