Merge pull request #242 from MalloZup/alpha-15

sanitize filenames
ClusterLabs · Mar 2, 2021 · dc7ce1d · dc7ce1d
2 parents b0e2a8b + de5e6e5
commit dc7ce1d
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/hawk/app/models/report.rb b/hawk/app/models/report.rb
@@ -289,8 +289,8 @@ class Upload < Tableless
         errors.add(:upload, _("must have correct MIME type (was %s)") % record.upload.content_type)
       end
 
-      unless record.upload.original_filename =~ /\.tar\.(bz2|gz|xz)\z/
-        errors.add(:upload, _("must have correct file extension"))
+      unless record.upload.original_filename =~ /^[a-zA-Z0-9_-]+\.tar\.(bz2|gz|xz)\z/
+        errors.add(:upload, _("must have correct file extension or right alphanumeric chars"))
       end
     end