From 0f660a0897eabbfea963a8530ad3f947d30165c9 Mon Sep 17 00:00:00 2001
From: daniel-j <daniel.j.hede@gmail.com>
Date: Sun, 21 Jul 2024 16:43:09 +0200
Subject: [PATCH] add npm module sanitize-filename

---
 index.js          |  5 +++--
 package-lock.json | 25 +++++++++++++++++++++++++
 package.json      |  1 +
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/index.js b/index.js
index 1a23609..7901275 100644
--- a/index.js
+++ b/index.js
@@ -13,6 +13,7 @@ const { spawn } = require('child_process')
 const { extname, basename, dirname } = require('path')
 const FileType = require('file-type')
 const { transliterate } = require('transliteration')
+const sanitize = require('sanitize-filename')
 
 const port = 3001
 const expireDelay = 30  // 30 seconds
@@ -109,7 +110,7 @@ const upload = multer({
   fileFilter: (req, file, cb) => {
     // Fixes charset
     // https://github.com/expressjs/multer/issues/1104#issuecomment-1152987772
-    file.originalname = Buffer.from(file.originalname, 'latin1').toString('utf8')
+    file.originalname = sanitize(Buffer.from(file.originalname, 'latin1').toString('utf8'))
 
     console.log('Incoming file:', file)
     const key = req.body.key.toUpperCase()
@@ -304,7 +305,7 @@ router.post('/upload', async (ctx, next) => {
     let data = null
     filename = ctx.request.file.originalname
     if (ctx.request.body.transliteration) {
-      filename = doTransliterate(filename)
+      filename = sanitize(doTransliterate(filename))
     }
     if (info.agent.includes('Kindle')) {
       filename = filename.replace(/[^\.\w\-"'\(\)]/g, '_')
diff --git a/package-lock.json b/package-lock.json
index 6b5ceda..05791c4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -20,6 +20,7 @@
         "mkdirp": "^3.0.1",
         "multer": "^1.4.5-lts.1",
         "patch-package": "^8.0.0",
+        "sanitize-filename": "^1.6.3",
         "transliteration": "^2.3.5"
       }
     },
@@ -2216,6 +2217,15 @@
       ],
       "license": "MIT"
     },
+    "node_modules/sanitize-filename": {
+      "version": "1.6.3",
+      "resolved": "https://registry.npmjs.org/sanitize-filename/-/sanitize-filename-1.6.3.tgz",
+      "integrity": "sha512-y/52Mcy7aw3gRm7IrcGDFx/bCk4AhRh2eI9luHOQM86nZsqwiRkkq2GekHXBBD+SmPidc8i2PqtYZl+pWJ8Oeg==",
+      "license": "WTFPL OR ISC",
+      "dependencies": {
+        "truncate-utf8-bytes": "^1.0.0"
+      }
+    },
     "node_modules/semver": {
       "version": "6.3.1",
       "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
@@ -2440,6 +2450,15 @@
         "node": ">=6.0.0"
       }
     },
+    "node_modules/truncate-utf8-bytes": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/truncate-utf8-bytes/-/truncate-utf8-bytes-1.0.2.tgz",
+      "integrity": "sha512-95Pu1QXQvruGEhv62XCMO3Mm90GscOCClvrIUwCM0PYOXK3kaF3l3sIHxx71ThJfcbM2O5Au6SO3AWCSEfW4mQ==",
+      "license": "WTFPL",
+      "dependencies": {
+        "utf8-byte-length": "^1.0.1"
+      }
+    },
     "node_modules/tsscmp": {
       "version": "1.0.6",
       "resolved": "https://registry.npmjs.org/tsscmp/-/tsscmp-1.0.6.tgz",
@@ -2507,6 +2526,12 @@
         "browserslist": ">= 4.21.0"
       }
     },
+    "node_modules/utf8-byte-length": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/utf8-byte-length/-/utf8-byte-length-1.0.5.tgz",
+      "integrity": "sha512-Xn0w3MtiQ6zoz2vFyUVruaCL53O/DwUvkEeOvj+uulMm0BkUGYWmBYVyElqZaSLhY6ZD0ulfU3aBra2aVT4xfA==",
+      "license": "(WTFPL OR MIT)"
+    },
     "node_modules/util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
diff --git a/package.json b/package.json
index a92c4ee..a55be9a 100644
--- a/package.json
+++ b/package.json
@@ -20,6 +20,7 @@
     "mkdirp": "^3.0.1",
     "multer": "^1.4.5-lts.1",
     "patch-package": "^8.0.0",
+    "sanitize-filename": "^1.6.3",
     "transliteration": "^2.3.5"
   }
 }