commit b3df42fc3cd96a14624878d89db1ae4ed0d3a617
parent 04b21f42ece1b0fc97335c4be6f0ddc532ebc5a7
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Wed, 15 Feb 2023 02:47:00 -0800
uploaded file name must be ascii printable only
Diffstat:
1 file changed, 3 insertions(+), 0 deletions(-)
diff --git a/pkg/web/handlers/api/v1/uploadInterceptor.go b/pkg/web/handlers/api/v1/uploadInterceptor.go
@@ -41,6 +41,9 @@ func handleUploadedFile(file multipart.File, handler *multipart.FileHeader, auth
if handler.Size > config.MaxUserFileUploadSize {
return nil, fmt.Errorf("the maximum file size is %s", humanize.Bytes(config.MaxUserFileUploadSize))
}
+ if !govalidator.IsPrintableASCII(origFileName) {
+ return nil, errors.New("file name must be ascii printable only")
+ }
if !govalidator.StringLength(origFileName, "3", "50") {
return nil, errors.New("invalid file name, 3-50 characters")
}
