Fix: Improve sanitization of folder and file names

AhsanIsEpic · AhsanIsEpic · commit d3a81f26d2ce · 2025-04-15T05:44:31.000+01:00
Signed-off-by: Ahsan Ahmed &lt;ahmedah05@outlook.com&gt;
diff --git a/lib/Service/GoogleDriveAPIService.php b/lib/Service/GoogleDriveAPIService.php
@@ -540,7 +540,7 @@ private function createDirsUnder(array &$directoriesById, Folder $currentFolder,
 			// create dir if we are on top OR if its parent is current dir
 			if (($currentFolderId === '' && !array_key_exists($parentId, $directoriesById))
 				|| $parentId === $currentFolderId) {
-				$name = $dir['name'];
+				$name = preg_replace('/[\/?<>\\:*|"]/', '-', trim((string)($dir['name'] ?? 'Untitled')));
 				if (!$currentFolder->nodeExists($name)) {
 					$newDir = $currentFolder->newFolder($name);
 				} else {
@@ -623,7 +623,7 @@ private function downloadAndSaveFile(
 	 * @return string name of the file to be saved
 	 */
 	private function getFileName(array $fileItem, string $userId, bool $hasNameConflict): string {
-		$fileName = preg_replace('/\/|\n|[^._A-Za-z0-9-]/', '-', $fileItem['name'] ?? 'Untitled');
+		$fileName = preg_replace('/[\/?<>\\:*|"]/', '-', trim((string)($fileItem['name'] ?? 'Untitled')));
 
 		if (in_array($fileItem['mimeType'], array_values(self::DOCUMENT_MIME_TYPES))) {
 			$documentFormat = $this->getUserDocumentFormat($userId);
diff --git a/lib/Service/GooglePhotosAPIService.php b/lib/Service/GooglePhotosAPIService.php
@@ -277,7 +277,7 @@ public function importPhotos(
 		$seenIds = [];
 		foreach ($albums as $album) {
 			$albumId = $album['id'];
-			$albumName = preg_replace('/\//', '_', $album['title'] ?? 'Untitled');
+			$albumName = preg_replace('/[\/?<>\\:*|"]/', '-', trim((string)($album['title'] ?? 'Untitled')));
 			if (!$folder->nodeExists($albumName)) {
 				$albumFolder = $folder->newFolder($albumName);
 			} else {
@@ -372,7 +372,7 @@ public function importPhotos(
 	 * @throws \OCP\Files\NotPermittedException
 	 */
 	private function getPhoto(string $userId, array $photo, Folder $albumFolder): ?int {
-		$photoName = preg_replace('/\//', '_', $photo['filename'] ?? 'Untitled');
+		$photoName = preg_replace('/[\/?<>\\:*|"]/', '-', trim((string)($photo['filename'] ?? 'Untitled')));
 		if ($albumFolder->nodeExists($photoName)) {
 			$photoName = $photo['id'] . '_' . $photoName;
 		}
