diff --git a/cli/onionshare_cli/web/send_base_mode.py b/cli/onionshare_cli/web/send_base_mode.py index 5d6af460..6ba8d934 100644 --- a/cli/onionshare_cli/web/send_base_mode.py +++ b/cli/onionshare_cli/web/send_base_mode.py @@ -25,7 +25,7 @@ import mimetypes import gzip from flask import Response, request from unidecode import unidecode -from urllib.parse import quote +from urllib.parse import quote, unquote class SendBaseModeWeb: @@ -246,7 +246,10 @@ class SendBaseModeWeb: or self.common.platform == "BSD" ): if self.web.settings.get(self.web.mode, "log_filenames"): - filename_str = f"{path} - " + # Decode and sanitize the path to remove newlines + decoded_path = unquote(path) + decoded_path = decoded_path.replace("\r", "").replace("\n", "") + filename_str = f"{decoded_path} - " else: filename_str = "" diff --git a/cli/onionshare_cli/web/share_mode.py b/cli/onionshare_cli/web/share_mode.py index 276a7be8..49d87282 100644 --- a/cli/onionshare_cli/web/share_mode.py +++ b/cli/onionshare_cli/web/share_mode.py @@ -29,7 +29,7 @@ from datetime import datetime, timezone from flask import Response, request, render_template, make_response, abort from unidecode import unidecode from werkzeug.http import parse_date, http_date -from urllib.parse import quote +from urllib.parse import quote, unquote from .send_base_mode import SendBaseModeWeb @@ -347,7 +347,10 @@ class ShareModeWeb(SendBaseModeWeb): or self.common.platform == "BSD" ): if self.web.settings.get("share", "log_filenames"): - filename_str = f"{path} - " + # Decode and sanitize the path to remove newlines + decoded_path = unquote(path) + decoded_path = decoded_path.replace("\r", "").replace("\n", "") + filename_str = f"{decoded_path} - " else: filename_str = ""