cleanup

ameer2468 · ameer2468 · commit b3142c9c685c · 2025-10-21T16:52:51.000+03:00
diff --git a/apps/web/actions/images/remove-image.ts b/apps/web/actions/images/remove-image.ts
@@ -64,7 +64,7 @@ export async function removeImage(
 
 		return { success: true } as const;
 	} catch (error) {
-		console.error(`Error removing ${type} image:`, error);
+		console.error(`Error removing %s image:`, type, error);
 		throw new Error(error instanceof Error ? error.message : "Remove failed");
 	}
 }
diff --git a/apps/web/actions/images/upload-image.ts b/apps/web/actions/images/upload-image.ts
@@ -7,6 +7,7 @@ import { OrganisationId, UserId } from "@cap/web-domain";
 import { eq } from "drizzle-orm";
 import { Effect, Option } from "effect";
 import { revalidatePath } from "next/cache";
+import * as path from "path";
 import { runPromise } from "@/lib/server";
 
 export async function uploadImage(
@@ -29,7 +30,15 @@ export async function uploadImage(
 						oldImageUrlOrKey.startsWith("https://")
 					) {
 						const url = new URL(oldImageUrlOrKey);
-						oldS3Key = url.pathname.substring(1);
+						const raw = url.pathname.startsWith("/")
+							? url.pathname.slice(1)
+							: url.pathname;
+						const decoded = decodeURIComponent(raw);
+						const normalized = path.posix.normalize(decoded);
+						if (normalized.includes("..")) {
+							throw new Error("Invalid S3 key path");
+						}
+						oldS3Key = normalized;
 					}
 
 					// Only delete if it looks like the correct type of image key
@@ -38,7 +47,7 @@ export async function uploadImage(
 						yield* bucket.deleteObject(oldS3Key);
 					}
 				} catch (error) {
-					console.error(`Error deleting old ${type} image from S3:`, error);
+					console.error(`Error deleting old %s image from S3:`, type, error);
 				}
 			}
 
@@ -77,7 +86,7 @@ export async function uploadImage(
 
 		return { success: true, image: s3Key } as const;
 	} catch (error) {
-		console.error(`Error uploading ${type} image:`, error);
+		console.error(`Error uploading %s image:`, type, error);
 		throw new Error(error instanceof Error ? error.message : "Upload failed");
 	}
 }
diff --git a/apps/web/app/(org)/dashboard/_components/Navbar/SpaceDialog.tsx b/apps/web/app/(org)/dashboard/_components/Navbar/SpaceDialog.tsx
@@ -18,13 +18,12 @@ import { faLayerGroup } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { zodResolver } from "@hookform/resolvers/zod";
 import type React from "react";
-import { useEffect, useId, useRef, useState } from "react";
+import { useEffect, useRef, useState } from "react";
 import { useForm } from "react-hook-form";
 import { toast } from "sonner";
 import * as z from "zod";
 import { updateSpace } from "@/actions/organization/update-space";
 import { FileInput } from "@/components/FileInput";
-import { SignedImageUrl } from "@/components/SignedImageUrl";
 import { useDashboardContext } from "../../Contexts";
 import { MemberSelect } from "../../spaces/[spaceId]/components/MemberSelect";
 import { createSpace } from "./server";

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ export async function removeImage(`
`64`	`64`
`65`	`65`	`return { success: true } as const;`
`66`	`66`	`} catch (error) {`
`67`		- console.error(`Error removing ${type} image:`, error);
	`67`	+ console.error(`Error removing %s image:`, type, error);
`68`	`68`	`throw new Error(error instanceof Error ? error.message : "Remove failed");`
`69`	`69`	`}`
`70`	`70`	`}`