github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-11 05:34:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(shared): extract reused path and normalization helpers

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-02 05:19:38 +00:00
parent 264599cc1d
commit 2d31126e6a
10 changed files with 99 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/browser/pw-tools-core.downloads.ts
View File

@@ -19,39 +19,11 @@ import {
requireRef,
toAIFriendlyError,
} from "./pw-tools-core.shared.js";
function sanitizeDownloadFileName(fileName: string): string {
const trimmed = String(fileName ?? "").trim();
if (!trimmed) {
return "download.bin";
}
// `suggestedFilename()` is untrusted (influenced by remote servers). Force a basename so
// path separators/traversal can't escape the downloads dir on any platform.
let base = path.posix.basename(trimmed);
base = path.win32.basename(base);
let cleaned = "";
for (let i = 0; i < base.length; i++) {
const code = base.charCodeAt(i);
if (code < 0x20 || code === 0x7f) {
continue;
}
cleaned += base[i];
}
base = cleaned.trim();
if (!base || base === "." || base === "..") {
return "download.bin";
}
if (base.length > 200) {
base = base.slice(0, 200);
}
return base;
}
import { sanitizeUntrustedFileName } from "./safe-filename.js";
function buildTempDownloadPath(fileName: string): string {
const id = crypto.randomUUID();
const safeName = sanitizeDownloadFileName(fileName);
const safeName = sanitizeUntrustedFileName(fileName, "download.bin");
return path.join(resolvePreferredOpenClawTmpDir(), "downloads", `${id}-${safeName}`);
}