From c4b0eeeacd985b27e2a720fa5365417b7371648d Mon Sep 17 00:00:00 2001
From: Sameer <142401625+sameer6pre@users.noreply.github.com>
Date: Mon, 19 May 2025 14:01:19 +0530
Subject: [PATCH] Update orbit-app/src/components/DownloadFile.jsx in branch Precogs-fix-ifjbm5gd
---
 orbit-app/src/components/DownloadFile.jsx | 44 +++++++++++++++--------
 1 file changed, 30 insertions(+), 14 deletions(-)
diff --git a/orbit-app/src/components/DownloadFile.jsx b/orbit-app/src/components/DownloadFile.jsx
index 2bcc58f..c44042f 100644
--- a/orbit-app/src/components/DownloadFile.jsx
+++ b/orbit-app/src/components/DownloadFile.jsx
@@ -5,21 +5,37 @@ function DownloadFile() {
 const [fileData, setFileData] = useState(null);
 const [fileId, setFileId] = useState('');
- const handleDownload = async () => {
- try {
- const response = await axios.get(`${BASE_URL}/${fileId}`);
-
- setFileData(response.data);
-
- const link = document.createElement('a');
- link.href = URL.createObjectURL(new Blob([response.data], { type: 'application/octet-stream' }));
- link.download = fileId; // File downloaded with ID
- link.click();
- } catch (error) {
- console.error('Error downloading file:', error);
- alert('Failed to download the file. Please try again.');
+async () => {
+ try {
+ // Validate and sanitize the fileId parameter
+ if (!isValidFileId(fileId)) {
+ throw new Error('Invalid file ID');
 }
- };
+
+ const response = await axios.get(`${BASE_URL}/${fileId}`);
+
+ setFileData(response.data);
+
+ const link = document.createElement('a');
+ link.href = URL.createObjectURL(new Blob([response.data], { type: 'application/octet-stream' }));
+ link.download = sanitizeFileName(fileId); // Ensure the filename is safe
+ link.click();
+ } catch (error) {
+ console.error('Error downloading file:', error);
+ alert('Failed to download the file. Please try again.');
+ }
+}
+
+// Helper functions for validation and sanitization
+function isValidFileId(fileId) {
+ // Implement validation logic, e.g., regex check or database lookup
+ return /^[a-zA-Z0-9_-]+$/.test(fileId);
+}
+
+function sanitizeFileName(fileName) {
+ // Implement sanitization logic, e.g., remove unsafe characters
+ return fileName.replace(/[^a-zA-Z0-9_-]/g, '_');
+}
 return (
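Review bot: The new side replaces `const handleDownload = async () => {` with a bare `async () => {` expression statement, so the handler is created and discarded and nothing is bound to `handleDownload` any more. The JSX after `return (` lies outside the hunk, but if it still wires a button to `handleDownload`, the component will throw a ReferenceError on render and the new `isValidFileId` check never runs; restore the binding as `const handleDownload = async () => {` and close it with `};`. Once the allow-list check has passed, `sanitizeFileName(fileId)` changes nothing because both helpers use the same `[a-zA-Z0-9_-]` class, so either drop it or note in a comment that it is deliberate defence in depth. Wrapping the path segment as `encodeURIComponent(fileId)` in the `axios.get` URL would keep the request safe if the pattern is later loosened. This validation is client-side only, so the endpoint behind `BASE_URL` still has to validate the ID and authorise access to the file itself.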