From dab370dc4f0430e61b4c29aefe576300e89edb03 Mon Sep 17 00:00:00 2001
From: Joshua Toliver <jtoliver@quoininc.com>
Date: Thu, 15 Aug 2024 14:18:17 -0400
Subject: [PATCH] R2-2887: Sanitizing user defined filename for bulk exports

---
 app/models/bulk_export.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/models/bulk_export.rb b/app/models/bulk_export.rb
index 680808f376..83e9758b69 100644
--- a/app/models/bulk_export.rb
+++ b/app/models/bulk_export.rb
@@ -102,7 +102,7 @@ def archive!
   end
 
   def generate_file_name
-    return if file_name.present?
+    return self.file_name = ActiveStorage::Filename.new(file_name).sanitized if file_name.present?
 
     self.file_name = "#{record_type&.pluralize}-#{Time.now.strftime('%Y%m%d.%M%S%M%L')}.#{exporter_type&.mime_type}"
   end