Sanitising device names in data export code.

dajtxx · dajtxx · commit 1f22a161b10c · 2024-07-18T13:00:41.000+10:00
diff --git a/src/www/app/main.py b/src/www/app/main.py
@@ -663,7 +663,9 @@ def DownloadData():
         df.to_csv(buffer, encoding='UTF-8')
         buffer.seek(0)
 
-        return send_file(buffer, as_attachment=True, download_name=f'{logical_dev.name}.csv')
+        sanitised_dev_name = re.sub(r'[^a-zA-Z0-9_-]', '', logical_dev.name)
+
+        return send_file(buffer, as_attachment=True, download_name=f'{sanitised_dev_name}.csv')
 
 
     except requests.exceptions.HTTPError as e:
diff --git a/src/www/app/templates/logical_device_form.html b/src/www/app/templates/logical_device_form.html
@@ -127,8 +127,7 @@
 	dialog.addEventListener("close", doFetch);
 });
 
-function exportData(l_uid, name) {
-	console.log("exportData " + l_uid + " " + name);
+function exportData(l_uid) {
 	dialog.returnValue = "Cancel";
 	dialog.showModal();
 
@@ -205,7 +204,7 @@ <h3 style="padding: 8px">Export data</h3>
 <div class="command-bar">
 	<div class="form-buttons">
 		<ul>
-			<li><span class="btn" onclick="exportData('{{ ld_data.uid }}', '{{ ld_data.name}}')">Export Data</span></li>
+			<li><span class="btn" onclick="exportData('{{ ld_data.uid }}')">Export Data</span></li>
 			<li><span class="btn" onclick="handleSubmit('device-form', 'Are you sure you want to Save?')">Save</span></li>
 			<li><span class="btn" onclick="handleMapping('logical device')">Update Mapping</span></li>
 			<li><span class="btn" onclick="handleEndMapping('{{ ld_data.uid }}', 'LD')">End Mapping</span></li>
