Skip to content
This repository was archived by the owner on Dec 12, 2025. It is now read-only.

Commit 4df51b0

Browse files
fox3000foxyfox3000foxy
committed
fix(download): sanitize filename in Content-Disposition header to prevent invalid characters
1 parent 8ca97a7 commit 4df51b0

File tree

1 file changed

+3
-1
lines changed

1 file changed

+3
-1
lines changed

src/controllers/GameController.ts

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -417,7 +417,9 @@ export class Games {
417417
return res.status(fileRes.status).send({ message: 'Error fetching file' });
418418
}
419419

420-
res.setHeader('Content-Disposition', `attachment; filename="${game.name}.zip"`);
420+
// Sanitize the filename to remove invalid characters
421+
const sanitizedFilename = game.name.replace(/[^a-zA-Z0-9-_\.]/g, '_');
422+
res.setHeader('Content-Disposition', `attachment; filename="${sanitizedFilename}.zip"`);
421423
res.setHeader('Content-Type', fileRes.headers.get('content-type') || 'application/octet-stream');
422424

423425
const contentLength = fileRes.headers.get('content-length');

0 commit comments

Comments
 (0)