fix(core): sanitize task filenames to prevent path traversal

Replace illegal filesystem characters (/ \ : * ? " < > |) and control characters with underscores. Fall back to task ID as filename if the sanitized title is empty.
2026-03-30 16:14:29 -07:00 · 2026-03-30 16:14:29 -07:00 · a54e427cd9
parent 9333ac7825
commit a54e427cd9
1 changed files with 19 additions and 1 deletions
--- a/crates/bevy-tasks-core/src/storage.rs
+++ b/crates/bevy-tasks-core/src/storage.rs
@ -148,8 +148,26 @@ impl FileSystemStorage {
        self.root_path.join(name)
    }

+    fn sanitize_filename(name: &str) -> String {
+        name.chars()
+            .map(|c| match c {
+                '/' | '\\' | ':' | '*' | '?' | '"' | '<' | '>' | '|' => '_',
+                '\0'..='\x1f' => '_',
+                _ => c,
+            })
+            .collect::<String>()
+            .trim_matches(|c: char| c == '.' || c == ' ')
+            .to_string()
+    }
+
    fn task_file_path(&self, list_dir: &Path, task: &Task) -> PathBuf {
-        list_dir.join(format!("{}.md", task.title))
+        let safe_title = Self::sanitize_filename(&task.title);
+        let filename = if safe_title.is_empty() {
+            task.id.to_string()
+        } else {
+            safe_title
+        };
+        list_dir.join(format!("{}.md", filename))
    }

    fn parse_markdown_with_frontmatter(&self, content: &str) -> Result<(TaskFrontmatter, String)> {