
Commit 77a78fc

rgclaytonRyan Claytonauniverseaway
authored
Sanitize uploaded file path (#325)
Co-authored-by: Ryan Clayton <[email protected]> Co-authored-by: Chris Millar <[email protected]>
1 parent ae4eb18 commit 77a78fc


2 files changed

+17
-3
lines changed


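--- a/blocks/browse/da-list/helpers/drag-n-drop.js
+++ b/blocks/browse/da-list/helpers/drag-n-drop.js
@@ -81,18 +81,25 @@ export async function getFullEntryList(entries) {
 return files.filter((file) => file);
 }
 
+export function sanitizePath(path) {
+const pathArray = path.split('/');
+const sanitizedArray = pathArray.map((element) => element.replaceAll(/[^a-zA-Z0-9.]/g, '-').toLowerCase());
+return [...sanitizedArray].join('/');
+}
+
 export async function handleUpload(list, fullpath, file) {
 const { data, path } = file;
 const formData = new FormData();
 formData.append('data', data);
 const opts = { method: 'POST', body: formData };
-const postpath = `${fullpath}${path}`;
+const sanitizedPath = sanitizePath(path);
+const postpath = `${fullpath}${sanitizedPath}`;
 
 try {
 await daFetch(`${DA_ORIGIN}/source${postpath}`, opts);
 file.imported = true;
 
-const [displayName] = path.split('/').slice(1);
+const [displayName] = sanitizedPath.split('/').slice(1);
 const [filename, ...rest] = displayName.split('.');
 const ext = rest.pop();
 const rejoined = [filename, ...rest].join('.');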
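Review bot: `sanitizePath` keeps `.` in its allow-list, so a segment that is exactly `.` or `..` passes through unchanged and still reaches `postpath`, which `handleUpload` interpolates into the `daFetch` URL. URL parsing normally collapses dot segments, so the POST could resolve to a location outside `fullpath`; presumably `file.path` is derived from the dropped entry names, which the uploader controls. Neutralise those segments inside the map callback, e.g. `const clean = element.replaceAll(/[^a-zA-Z0-9.]/g, '-').toLowerCase();` followed by `return /^\.{1,2}$/.test(clean) ? clean.replaceAll('.', '-') : clean;`. Distinct names such as `a b.jpg` and `a_b.jpg` also map to the same `a-b.jpg`, so a later upload may silently replace an earlier one, which is worth stating in a JSDoc comment on the export. The body of `handleUpload` continues past the end of the hunk.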

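--- a/test/unit/blocks/browse/helpers/helpers.test.js
+++ b/test/unit/blocks/browse/helpers/helpers.test.js
@@ -1,6 +1,6 @@
 import { expect } from '@esm-bundle/chai';
 import { stub } from 'sinon';
-import { getFullEntryList, handleUpload } from '../../../../../blocks/browse/da-list/helpers/drag-n-drop.js';
+import { getFullEntryList, handleUpload, sanitizePath } from '../../../../../blocks/browse/da-list/helpers/drag-n-drop.js';
 
 const goodEntry = {
 isDirectory: false,
@@ -81,4 +81,11 @@ describe('Upload and format', () => {
 const item = await handleUpload(list, fullpath, packagedFile);
 expect(item).to.exist;
 });
+
+it('Returns sanitize file path', async () => {
+const path = '/new folder/geo_metrixx.jpg';
+const item = sanitizePath(path);
+console.log('item', item);
+expect(item).to.equal('/new-folder/geo-metrixx.jpg');
+});
 });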
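Review bot: The new `it('Returns sanitize file path', …)` case checks only a space and an underscore, so nothing pins how `sanitizePath` treats `.` or `..` segments, uppercase letters, or the empty segment produced by a doubled slash. An assertion per case, e.g. `expect(sanitizePath('/A/../b.JPG')).to.not.contain('..');`, would document the intended contract and fail if dot segments are passed through. The `console.log('item', item);` line looks like leftover debugging, and the callback does not need `async` because `sanitizePath` is synchronous.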
