From 73a040390b19cc8431013fd4a0177d23d5ff7e01 Mon Sep 17 00:00:00 2001
From: Muhammad
Date: Tue, 8 Oct 2024 16:42:53 +0100
Subject: [PATCH 1/2] using basename in submission filename to prevent potential LFI
---
 lib/ontologies_linked_data/models/ontology_submission.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ontologies_linked_data/models/ontology_submission.rb b/lib/ontologies_linked_data/models/ontology_submission.rb
index ce69e3e9..74d87758 100644
--- a/lib/ontologies_linked_data/models/ontology_submission.rb
+++ b/lib/ontologies_linked_data/models/ontology_submission.rb
@@ -280,7 +280,7 @@ def self.submission_id_generator(ss)
 # Copy file from /tmp/uncompressed-ont-rest-file to /srv/ncbo/repository/MY_ONT/1/
 def self.copy_file_repository(acronym, submissionId, src, filename = nil)
 path_to_repo = File.join([LinkedData.settings.repository_folder, acronym.to_s, submissionId.to_s])
- name = filename || File.basename(File.new(src).path)
+ name = File.basename(filename) || File.basename(File.new(src).path)
 # THIS LOGGER IS JUST FOR DEBUG - remove after NCBO-795 is closed
 logger = Logger.new(Dir.pwd + "/create_permissions.log")
 if not Dir.exist? path_to_repo
From 719ec4da908efc92316cd455ced657030f687a8e Mon Sep 17 00:00:00 2001
From: Muhammad
Date: Wed, 9 Oct 2024 12:05:22 +0100
Subject: [PATCH 2/2] Fix nil handling for filename in ontology file upload
---
 lib/ontologies_linked_data/models/ontology_submission.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ontologies_linked_data/models/ontology_submission.rb b/lib/ontologies_linked_data/models/ontology_submission.rb
index 74d87758..96060ff9 100644
--- a/lib/ontologies_linked_data/models/ontology_submission.rb
+++ b/lib/ontologies_linked_data/models/ontology_submission.rb
@@ -280,7 +280,7 @@ def self.submission_id_generator(ss)
 # Copy file from /tmp/uncompressed-ont-rest-file to /srv/ncbo/repository/MY_ONT/1/
 def self.copy_file_repository(acronym, submissionId, src, filename = nil)
 path_to_repo = File.join([LinkedData.settings.repository_folder, acronym.to_s, submissionId.to_s])
- name = File.basename(filename) || File.basename(File.new(src).path)
+ name = filename.nil? ? File.basename(File.new(src).path) : File.basename(filename)
 # THIS LOGGER IS JUST FOR DEBUG - remove after NCBO-795 is closed
 logger = Logger.new(Dir.pwd + "/create_permissions.log")
 if not Dir.exist? path_to_repo
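Review bot: `File.basename` on the added line does not reject every traversal value: `File.basename("..")` and `File.basename("../")` both return `..`, and `File.basename("")` returns `""`, so a caller-supplied `filename` of `..` still produces a `name` that points at the parent of `path_to_repo` once it is joined (how `name` is used after the hunk is outside this view, so whether that one-level escape is exploitable depends on that code). Reject those values explicitly before `name` is used, e.g. `raise ArgumentError, "invalid submission filename: #{filename.inspect}" if ['', '.', '..'].include?(name)`. The same line also carries over the pre-existing `File.new(src).path`, which opens `src` only to read back the path it was given and never closes the handle; `File.basename(src.to_s)` yields the same string without the leaked descriptor, at the cost of the implicit existence check that `File.new` performed. The body of copy_file_repository continues past the end of the hunk.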