mirror of
https://github.com/DumbWareio/DumbDrop.git
synced 2026-01-09 06:11:13 +08:00
* added file listing feature
* added filename sanitizer
* added file renaming feature
* Improve file action rendering and security checks

  Replaces innerHTML-based file action rendering in index.html with DOM API for better safety and maintainability. Enhances path traversal security checks in files.js to ensure paths are strictly within the upload directory. Adds safe Content-Disposition header generation for file downloads to prevent header injection and support international filenames.

* Improve filename sanitization and validation

  Updated regex in createSafeContentDisposition for Unicode compatibility and improved ASCII checks. Added validation to reject empty filenames after sanitization in the rename route. sanitizePathPreserveDirsSafe now removes '.' and '..' path navigation tokens for enhanced security.

---------

Co-authored-by: abite <aleksbite@yahoo.com>
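
The filename handling this commit message describes (dropping `.`/`..` tokens, rejecting names that end up empty, and building a Content-Disposition value that resists header injection while carrying international filenames) can be sketched as follows. This is an added example, not DumbDrop's code: the function names and exact character rules are assumptions, and the project's `createSafeContentDisposition` and `sanitizePathPreserveDirsSafe` may differ.

```javascript
// Added example (not DumbDrop's implementation); all names here are hypothetical.

// Drop '.' and '..' navigation tokens and empty segments, keeping directories.
function stripNavigationTokens(relPath) {
  return relPath
    .split(/[\\/]+/) // treat both separators as path boundaries
    .filter((seg) => seg !== '' && seg !== '.' && seg !== '..')
    .join('/');
}

// Rename validation: a name that is empty after sanitization is rejected.
function validateRename(requested) {
  const name = stripNavigationTokens(requested);
  if (name === '') throw new Error('invalid filename');
  return name;
}

// Build a Content-Disposition value that cannot smuggle extra headers.
function safeContentDisposition(filename) {
  const cleaned =
    filename
      .replace(/[\u0000-\u001f\u007f]/g, '') // CR, LF and other control chars
      .replace(/[\ud800-\udfff]/gu, '') || // lone surrogates break encoding
    'download';
  // ASCII fallback for the quoted-string form: anything outside printable
  // ASCII, plus quote and backslash, becomes '_'.
  const fallback = cleaned.replace(/[^\x20-\x7e]/g, '_').replace(/["\\]/g, '_');
  // RFC 5987 extended value: percent-encoded UTF-8. encodeURIComponent
  // leaves ' ( ) * unescaped, so encode those explicitly.
  const encoded = encodeURIComponent(cleaned).replace(
    /['()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase()
  );
  return `attachment; filename="${fallback}"; filename*=UTF-8''${encoded}`;
}

// Constructed sample inputs.
console.log(stripNavigationTokens('photos/./2024/../a.png'));
console.log(safeContentDisposition('r\u00e9sum\u00e9 "v2".pdf'));
console.log(safeContentDisposition('a.txt\r\nSet-Cookie: x=1'));
```

Token stripping alone does not replace the containment check the commit mentions: the resolved path still has to be compared against the upload directory before any file operation.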