[Linux] Default project filenames not escaped/whitelisted

Accepted project names include " " (a single space), “/”, “…/anything”, and these are interpreted as-is for the generated filename. So, “/” gives you ~/Documents/.tpy as your project file (so it’s now hidden), and “…/anything” gives you “~/anything.tpy” (created in the directory above Documents).

Some of the examples are a little contrived of course, but taking the input as-is even for more legitimate names could easily result in files in unexpected places or mysterious failures. For example, attempting to use a slash “normally” in a project name (as in “A/B”) seems to break the New Project dialog, resulting in a white screen, presumably because it’s trying to save a file in a nonexistent “A” subdirectory. When a project with a slash in the name is successfully created, its entry in the Recent menu is confusing since everything before the slash is omitted.

Whitelisting or otherwise filtering the user’s project name for the purposes of creating the filename seems appropriate.

1 Like