Open kb-1000 opened 6 months ago
The sanitisation of the paths is the responsibility of the program. Some elements illegal in Windows paths aren't illegal in Unix paths, and vice versa. Modrinth modpacks are distributed outside of Modrinth as well, so if you trust on Modrinth to do the basic security stuff for you, you set yourself for failure.
That is an interesting mentality for an API to take. Instead of resolving illegal characters issue as a single upstream source they kick it down to the downstream app developers to do it X number of times.
Note that I'm not referring to the files mentioned by the modpack index, I'm referring to the filename of the modpack file, or other uploaded files.
We could probably fix this going forward but anything that downloads files should do the job of sanitizing the file name for the operating system. For example, this is what browsers do if you try to download that file in a browser.
Describe the bug
Especially on Windows, those characters are illegal in filenames and will break anything that just uses the filename provided by modrinth in the API or URL. On some platforms, filenames containing
..
(two dots) may have special meaning as well.Steps to reproduce
Expected behavior
It should fail.
Additional context
This has been found thanks to https://cdn.modrinth.com/data/PmwWNPV6/versions/5v69ptOa/Technical%20Electrical%3A%20Whimsical%20Wonders-4.1.3.mrpack