From a2f81c85cdd19ad66a2093f331107a4d86af7da8 Mon Sep 17 00:00:00 2001
From: Antoine Fontaine <antoine.fontaine@epfl.ch>
Date: Sat, 15 Jun 2019 16:39:33 +0200
Subject: [PATCH] Now sanitizes filename

---
 src/moodle-provider.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/moodle-provider.c b/src/moodle-provider.c
index 08e9923..5d184d9 100644
--- a/src/moodle-provider.c
+++ b/src/moodle-provider.c
@@ -53,6 +53,17 @@ struct cb_data {
   gchar            *filename;  // the file we are looking for: when caching, the file should be accessible from here.
 };
 
+static gchar *
+sanitize_filename (const gchar *filename) {
+  gchar *clean = g_utf8_make_valid (filename, strlen (filename));
+  unsigned long len = strlen (clean);
+  g_strdelimit (clean, "/", '-');
+  while (*clean == '.' || *clean == '-') {
+    memmove (clean, clean+1, len--);
+  }
+  return clean;
+}
+
 G_GNUC_CONST static const gchar *
 get_cache_dir (void)
 {
@@ -73,10 +84,12 @@ get_resource_filename (gint res_type, guint id, const gchar *filename)
   gchar *filepath;
   switch (res_type) {
   case RESOURCE_FILE:
-    if (filename) // used when we have a file by id and we want to save it to his real name
-      filepath = g_strdup_printf ("file://%s/%s", get_cache_dir (), filename);
-    else
+    if (filename) { // used when we have a file by id and we want to save it to his real name
+      g_autofree gchar *sane_filename = sanitize_filename (filename);
+      filepath = g_strdup_printf ("file://%s/%s", get_cache_dir (), sane_filename);
+    } else {
       filepath = g_strdup_printf ("file://%s/file-%u", get_cache_dir (), id);
+    }
     break;
   case RESOURCE_FOLDERFILE:
     filepath = g_strdup_printf ("file://%s/%s", get_cache_dir (), filename);
-- 
GitLab