import path from 'path';
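/**
 * Builds a storage-safe filename from a client-supplied one.
 *
 * Steps:
 * 1. Keep only the last path component, discarding any directory part.
 * 2. Replace every character of the name other than ASCII letters, digits,
 *    dash and underscore with an underscore. This also neutralises inner
 *    dots ("a.php.jpg" becomes "a_php") and backslashes.
 * 3. Keep the extension only when it is on the allowlist (compared
 *    case-insensitively and emitted in lower case); otherwise drop it.
 * 4. Append the current millisecond timestamp to the name.
 *
 * Caveats: the extension check looks at the name only and says nothing about
 * the file's content. A filename with a disallowed extension is not rejected;
 * it is returned without an extension. The timestamp has millisecond
 * resolution, so two calls with the same name in the same millisecond yield
 * the same result. No length limit is applied.
 *
 * @param filename The original, untrusted filename to sanitize
 * @returns A sanitized filename of the form `<name>_<timestamp><ext>`
 */
export function sanitizeFilename(filename: string): string {
  // Get the base name to remove any directory components.
  const basename = path.basename(filename);

  // Split into name and extension using the extension exactly as written.
  // Stripping with the lower-cased form would not match "FILE.PDF", and the
  // extension would end up duplicated inside the name ("FILE_PDF_<ts>.pdf").
  const rawExt = path.extname(basename);
  const name = path.basename(basename, rawExt);
  const ext = rawExt.toLowerCase();

  // Sanitize the name part (only allow alphanumeric, dash, and underscore).
  const sanitizedName = name.replace(/[^a-zA-Z0-9_-]/g, '_');

  // Keep the extension only if it is one of the allowed types.
  const allowedExtensions = ['.pdf', '.jpg', '.jpeg', '.png'];
  const safeExt = allowedExtensions.includes(ext) ? ext : '';

  // Combine with a timestamp to make collisions between uploads unlikely.
  const timestamp = Date.now();
  return `${sanitizedName}_${timestamp}${safeExt}`;
}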