fix(user-export): sanitize filenames in zip properly

Signed-off-by: Erik Michelson <github@erik.michelson.eu>
This commit is contained in:
Erik Michelson 2022-11-11 22:47:06 +01:00 committed by David Mehren
parent 2342587b98
commit 0a9939cfb4
3 changed files with 22 additions and 7 deletions

View file

@ -1,6 +1,7 @@
'use strict' 'use strict'
const archiver = require('archiver') const archiver = require('archiver')
const sanitizeFilename = require('sanitize-filename')
const async = require('async') const async = require('async')
const Router = require('express').Router const Router = require('express').Router
@ -92,7 +93,7 @@ UserRouter.get('/me/export', function (req, res) {
}).then(function (notes) { }).then(function (notes) {
const filenames = {} const filenames = {}
async.each(notes, function (note, callback) { async.each(notes, function (note, callback) {
const basename = note.title.replace(/\//g, '-') // Prevent subdirectories const basename = sanitizeFilename(note.title, { replacement: '_' })
let filename let filename
let suffix = '' let suffix = ''
do { do {

View file

@ -90,6 +90,7 @@
"randomcolor": "^0.6.0", "randomcolor": "^0.6.0",
"readline-sync": "^1.4.7", "readline-sync": "^1.4.7",
"rimraf": "^3.0.2", "rimraf": "^3.0.2",
"sanitize-filename": "^1.6.3",
"scrypt-kdf": "^2.0.1", "scrypt-kdf": "^2.0.1",
"sequelize": "^5.21.1", "sequelize": "^5.21.1",
"shortid": "2.2.16", "shortid": "2.2.16",

View file

@ -680,7 +680,6 @@
"Idle.Js@git+https://github.com/shawnmclean/Idle.js": "Idle.Js@git+https://github.com/shawnmclean/Idle.js":
version "0.0.1" version "0.0.1"
uid "2b57cc6e49d177b7ddce0cca00ef5cbe07453541"
resolved "git+https://github.com/shawnmclean/Idle.js#2b57cc6e49d177b7ddce0cca00ef5cbe07453541" resolved "git+https://github.com/shawnmclean/Idle.js#2b57cc6e49d177b7ddce0cca00ef5cbe07453541"
JSV@^4.0.x: JSV@^4.0.x:
@ -2368,7 +2367,6 @@ cls-bluebird@^2.1.0:
"codemirror@git+https://github.com/hedgedoc/CodeMirror.git": "codemirror@git+https://github.com/hedgedoc/CodeMirror.git":
version "5.65.9" version "5.65.9"
uid "951b3d94bb5ad9ac7b44642adbe595e843390506"
resolved "git+https://github.com/hedgedoc/CodeMirror.git#951b3d94bb5ad9ac7b44642adbe595e843390506" resolved "git+https://github.com/hedgedoc/CodeMirror.git#951b3d94bb5ad9ac7b44642adbe595e843390506"
collection-visit@^1.0.0: collection-visit@^1.0.0:
@ -3576,7 +3574,6 @@ dezalgo@1.0.3:
"diff-match-patch@git+https://github.com/hackmdio/diff-match-patch.git": "diff-match-patch@git+https://github.com/hackmdio/diff-match-patch.git":
version "1.1.1" version "1.1.1"
uid c2f8fb9d69aa9490b764850aa86ba442c93ccf78
resolved "git+https://github.com/hackmdio/diff-match-patch.git#c2f8fb9d69aa9490b764850aa86ba442c93ccf78" resolved "git+https://github.com/hackmdio/diff-match-patch.git#c2f8fb9d69aa9490b764850aa86ba442c93ccf78"
diff@5.0.0: diff@5.0.0:
@ -6070,7 +6067,6 @@ js-sdsl@^4.1.4:
"js-sequence-diagrams@git+https://github.com/hedgedoc/js-sequence-diagrams.git": "js-sequence-diagrams@git+https://github.com/hedgedoc/js-sequence-diagrams.git":
version "2.0.1" version "2.0.1"
uid bda0e49b6c2754f3c7158b1dfb9ccf26efc24b39
resolved "git+https://github.com/hedgedoc/js-sequence-diagrams.git#bda0e49b6c2754f3c7158b1dfb9ccf26efc24b39" resolved "git+https://github.com/hedgedoc/js-sequence-diagrams.git#bda0e49b6c2754f3c7158b1dfb9ccf26efc24b39"
dependencies: dependencies:
lodash "4.17.x" lodash "4.17.x"
@ -6602,7 +6598,6 @@ lutim@^1.0.2:
"lz-string@git+https://github.com/hackmdio/lz-string.git": "lz-string@git+https://github.com/hackmdio/lz-string.git":
version "1.4.4" version "1.4.4"
uid efd1f64676264d6d8871b01f4f375fc6ef4f9022
resolved "git+https://github.com/hackmdio/lz-string.git#efd1f64676264d6d8871b01f4f375fc6ef4f9022" resolved "git+https://github.com/hackmdio/lz-string.git#efd1f64676264d6d8871b01f4f375fc6ef4f9022"
make-dir@^1.0.0: make-dir@^1.0.0:
@ -6904,7 +6899,6 @@ mermaid@9.1.7:
"meta-marked@git+https://github.com/hedgedoc/meta-marked": "meta-marked@git+https://github.com/hedgedoc/meta-marked":
version "0.4.5" version "0.4.5"
uid "0cb5065253ab0f9851baec34dc9edbb40eabf3d0"
resolved "git+https://github.com/hedgedoc/meta-marked#0cb5065253ab0f9851baec34dc9edbb40eabf3d0" resolved "git+https://github.com/hedgedoc/meta-marked#0cb5065253ab0f9851baec34dc9edbb40eabf3d0"
dependencies: dependencies:
js-yaml "~4.1.0" js-yaml "~4.1.0"
@ -9875,6 +9869,13 @@ safe-stable-stringify@^2.3.1:
resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
sanitize-filename@^1.6.3:
version "1.6.3"
resolved "https://registry.yarnpkg.com/sanitize-filename/-/sanitize-filename-1.6.3.tgz#755ebd752045931977e30b2025d340d7c9090378"
integrity sha512-y/52Mcy7aw3gRm7IrcGDFx/bCk4AhRh2eI9luHOQM86nZsqwiRkkq2GekHXBBD+SmPidc8i2PqtYZl+pWJ8Oeg==
dependencies:
truncate-utf8-bytes "^1.0.0"
sax@0.5.x: sax@0.5.x:
version "0.5.8" version "0.5.8"
resolved "https://registry.yarnpkg.com/sax/-/sax-0.5.8.tgz#d472db228eb331c2506b0e8c15524adb939d12c1" resolved "https://registry.yarnpkg.com/sax/-/sax-0.5.8.tgz#d472db228eb331c2506b0e8c15524adb939d12c1"
@ -10821,6 +10822,13 @@ trough@^2.0.0:
resolved "https://registry.yarnpkg.com/trough/-/trough-2.1.0.tgz#0f7b511a4fde65a46f18477ab38849b22c554876" resolved "https://registry.yarnpkg.com/trough/-/trough-2.1.0.tgz#0f7b511a4fde65a46f18477ab38849b22c554876"
integrity sha512-AqTiAOLcj85xS7vQ8QkAV41hPDIJ71XJB4RCUrzo/1GM2CQwhkJGaf9Hgr7BOugMRpgGUrqRg/DrBDl4H40+8g== integrity sha512-AqTiAOLcj85xS7vQ8QkAV41hPDIJ71XJB4RCUrzo/1GM2CQwhkJGaf9Hgr7BOugMRpgGUrqRg/DrBDl4H40+8g==
truncate-utf8-bytes@^1.0.0:
version "1.0.2"
resolved "https://registry.yarnpkg.com/truncate-utf8-bytes/-/truncate-utf8-bytes-1.0.2.tgz#405923909592d56f78a5818434b0b78489ca5f2b"
integrity sha512-95Pu1QXQvruGEhv62XCMO3Mm90GscOCClvrIUwCM0PYOXK3kaF3l3sIHxx71ThJfcbM2O5Au6SO3AWCSEfW4mQ==
dependencies:
utf8-byte-length "^1.0.1"
tsconfig-paths@^3.14.1: tsconfig-paths@^3.14.1:
version "3.14.1" version "3.14.1"
resolved "https://registry.yarnpkg.com/tsconfig-paths/-/tsconfig-paths-3.14.1.tgz#ba0734599e8ea36c862798e920bcf163277b137a" resolved "https://registry.yarnpkg.com/tsconfig-paths/-/tsconfig-paths-3.14.1.tgz#ba0734599e8ea36c862798e920bcf163277b137a"
@ -11181,6 +11189,11 @@ utf-8-validate@^5.0.1:
dependencies: dependencies:
node-gyp-build "^4.3.0" node-gyp-build "^4.3.0"
utf8-byte-length@^1.0.1:
version "1.0.4"
resolved "https://registry.yarnpkg.com/utf8-byte-length/-/utf8-byte-length-1.0.4.tgz#f45f150c4c66eee968186505ab93fcbb8ad6bf61"
integrity sha512-4+wkEYLBbWxqTahEsWrhxepcoVOJ+1z5PGIjPZxRkytcdSUaNjIjBM7Xn8E+pdSuV7SzvWovBFA54FO0JSoqhA==
util-deprecate@^1.0.1, util-deprecate@^1.0.2, util-deprecate@~1.0.1: util-deprecate@^1.0.1, util-deprecate@^1.0.2, util-deprecate@~1.0.1:
version "1.0.2" version "1.0.2"
resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"