MrSphay/odysseus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: _sanitize_export_filename crashes on a non-string session name (#1607)

Browse Source
This commit is contained in:
Afonso Coutinho
2026-06-03 00:35:47 +01:00
committed by GitHub
parent 382d49d887
commit 6df0f5e6df
2 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
routes/session_routes.py
View File

@@ -16,7 +16,7 @@ from src.auth_helpers import get_current_user, effective_user
def _sanitize_export_filename(name: str) -> str:
"""Return a conservative filename safe for Content-Disposition."""
name = name or ""
name = name if isinstance(name, str) else ""
name = re.sub(r"[^A-Za-z0-9._-]", "_", name)
return name[:128]

15
tests/test_session_export_filename.py Normal file
View File

@@ -0,0 +1,15 @@
"""Regression: _sanitize_export_filename must tolerate a non-string name.
It did `name = name or ""` then `re.sub(..., name)`. A non-string name (e.g. an
int session name) is truthy, so re.sub raised TypeError. Coerce non-strings.
"""
from routes.session_routes import _sanitize_export_filename
def test_non_string_name_does_not_crash():
assert _sanitize_export_filename(12345) == ""
assert _sanitize_export_filename(None) == ""
def test_valid_name_sanitized():
assert _sanitize_export_filename("a/b?c.txt") == "a_b_c.txt"