Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: download responses not working #2205

Merged
merged 3 commits into from
Mar 8, 2024
Merged

fix: download responses not working #2205

merged 3 commits into from
Mar 8, 2024

Conversation

gupta-piyush19
Copy link
Contributor

What does this PR do?

fix download responses not working

Fixes #2199

How should this be tested?

  • Download response file for a survey having no surveys
  • Download response file for a survey having / in the survey name

Checklist

Required

  • Filled out the "How to test" section in this PR
  • Read How we Code at Formbricks
  • Self-reviewed my own code
  • Commented on my code in hard-to-understand bits
  • Ran pnpm build
  • Checked for warnings, there are none
  • Removed all console.logs
  • Merged the latest changes from main onto my branch with git pull origin main
  • My changes don't cause any responsiveness issues

Appreciated

  • If a UI change was made: Added a screen recording or screenshots to this PR
  • Updated the Formbricks Docs if changes were necessary

@vercel Vercel
Copy link

vercel bot commented Mar 8, 2024

@gupta-piyush19 is attempting to deploy a commit to the formbricks Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions bot added the bug Something isn't working label Mar 8, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 8, 2024
edited

Thank you for following the naming conventions for pull request titles! 🙏

mattinannt
mattinannt approved these changes Mar 8, 2024
View reviewed changes
Copy link
Member

@mattinannt mattinannt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gupta-piyush19 thank you, looks great! 😊💪

@jonas-hoebenreich
Copy link
Contributor

Many thanks for the quick fix. I would suggest to make the function getResponsesFileName even more robust against path traversal attacks (e.g. a user could download files he should not have access to)?

export const getResponsesFileName = (surveyName: string, extension: string) => {
  // sanitize surveyName by removing all characters from the survey name that could cause issues & add max length
  surveyName = surveyName.replace(/[^0-9a-zA-Z\-._]+/g, "_").substring(0, 255);
  const formattedDateString = getTodaysDateTimeFormatted("-");
  return `export-${surveyName.split(" ").join("-")}-${formattedDateString}.${extension}`.toLocaleLowerCase();
};

jonas-hoebenreich
jonas-hoebenreich reviewed Mar 8, 2024
View reviewed changes
Copy link
Contributor

@jonas-hoebenreich jonas-hoebenreich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would suggest to make the function getResponsesFileName even more robust against path traversal attacks by removing all characters from the filename that could cause issues and also limit the length of the name (to resolve OS specific issues with really long file names)

packages/lib/response/util.ts
@@ -307,6 +307,8 @@ export const buildWhereClause = (filterCriteria?: TResponseFilterCriteria) => {
};

export const getResponsesFileName = (surveyName: string, extension: string) => {
// replacing / with : to avoid url issues
surveyName = surveyName.replaceAll("/", ":");
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

// sanitize surveyName by removing all characters from the survey name that could cause issues & add max length
surveyName = surveyName.replace(/[^0-9a-zA-Z\-._]+/g, "_").substring(0, 255);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it makes sense. Thank you for the suggestions. I'll update the PR with this new filename function.

@mattinannt mattinannt added this pull request to the merge queue Mar 8, 2024
Merged via the queue into formbricks:main with commit a9f35df Mar 8, 2024
7 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonas-hoebenreich jonas-hoebenreich jonas-hoebenreich left review comments

@mattinannt mattinannt mattinannt approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[BUG] Downloads not working
3 participants
@gupta-piyush19 @jonas-hoebenreich @mattinannt