From 3e2b892aaec238412ad9093427235ec4b597162e Mon Sep 17 00:00:00 2001
From: Cohee <18619528+Cohee1207@users.noreply.github.com>
Date: Mon, 16 Sep 2024 11:02:09 +0000
Subject: [PATCH] Sanitize file names on chat renaming

---
 public/script.js       | 4 ++++
 src/endpoints/chats.js | 7 ++++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/public/script.js b/public/script.js
index 85cb7ccd3..ec90ab118 100644
--- a/public/script.js
+++ b/public/script.js
@@ -8828,6 +8828,10 @@ export async function renameChat(oldFileName, newName) {
             throw new Error('Server returned an error.');
         }
 
+        if (data.sanitizedFileName) {
+            newName = data.sanitizedFileName;
+        }
+
         if (selected_group) {
             await renameGroupChat(selected_group, oldFileName, newName);
         }
diff --git a/src/endpoints/chats.js b/src/endpoints/chats.js
index 2be1eb4e0..8ecd08199 100644
--- a/src/endpoints/chats.js
+++ b/src/endpoints/chats.js
@@ -199,8 +199,9 @@ router.post('/rename', jsonParser, async function (request, response) {
     const pathToFolder = request.body.is_group
         ? request.user.directories.groupChats
         : path.join(request.user.directories.chats, String(request.body.avatar_url).replace('.png', ''));
-    const pathToOriginalFile = path.join(pathToFolder, request.body.original_file);
-    const pathToRenamedFile = path.join(pathToFolder, request.body.renamed_file);
+    const pathToOriginalFile = path.join(pathToFolder, sanitize(request.body.original_file));
+    const pathToRenamedFile = path.join(pathToFolder, sanitize(request.body.renamed_file));
+    const sanitizedFileName = path.parse(pathToRenamedFile).name;
     console.log('Old chat name', pathToOriginalFile);
     console.log('New chat name', pathToRenamedFile);
 
@@ -212,7 +213,7 @@ router.post('/rename', jsonParser, async function (request, response) {
     fs.copyFileSync(pathToOriginalFile, pathToRenamedFile);
     fs.rmSync(pathToOriginalFile);
     console.log('Successfully renamed.');
-    return response.send({ ok: true });
+    return response.send({ ok: true, sanitizedFileName });
 });
 
 router.post('/delete', jsonParser, function (request, response) {