Problem Statement
The uploader does not sanitize filenames for special characters, spaces, path separators, or unicode that could cause issues on different filesystems or create security vulnerabilities (e.g., null bytes, ../ sequences).
Proposed Solution
Sanitize uploaded filenames by:
- Removing or replacing path separators (/, \\)
- Removing null bytes
- Replacing spaces and special characters with safe alternatives
- Optionally allowing a custom sanitization callback
Alternatives Considered
- Leaving sanitization to the user (error-prone)
- Only stripping path separators (insufficient)
Breaking Change
No
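
A sketch of the proposed sanitization, added here as an example and not the uploader's own code. The uploader's language is not stated, so Python is used; the function name `sanitize_filename`, the ASCII allow-list, the `upload` fallback name and running the custom callback before the built-in checks are all assumptions. NFKC folding and the Windows reserved-name check go beyond the steps listed in the issue.

```python
import re
import unicodedata
from typing import Callable, Optional

# Assumed allow-list: ASCII letters, digits, dot, underscore, hyphen.
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")
# Device names Windows reserves regardless of extension.
_RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{i}" for p in ("COM", "LPT") for i in range(1, 10)
}


def sanitize_filename(name: str,
                      custom: Optional[Callable[[str], str]] = None,
                      max_len: int = 255,
                      fallback: str = "upload") -> str:
    """Reduce a client-supplied name to one safe path component."""
    if custom is not None:
        # Caller's callback runs first; its output still goes through every check.
        name = custom(name)
    # Fold compatibility forms first, so fullwidth slash and dot become "/" and ".".
    name = unicodedata.normalize("NFKC", name)
    name = name.replace("\x00", "")
    # Keep only the last component; both separators count on every platform.
    name = re.split(r"[/\\]", name)[-1]
    # Spaces, other special characters and non-ASCII collapse to "_".
    name = _UNSAFE.sub("_", name).strip(".")  # no hidden files, no ".."
    if name.split(".")[0].upper() in _RESERVED:
        name = "_" + name
    # Windows silently drops trailing dots, so remove them after truncation.
    name = name[:max_len].rstrip(".")
    return name or fallback


if __name__ == "__main__":
    # Constructed sample inputs.
    for raw in ["../../etc/passwd", "..\\..\\boot.ini", "shell.php\x00.jpg",
                "annual report (v2).pdf", "\uff0e\uff0e\uff0fsecret.txt",
                "..", "con.txt"]:
        print(repr(raw), "->", sanitize_filename(raw))
```

The returned name is only a safe component; the storage layer should still join it to the upload directory and confirm the resolved path stays inside that directory.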