fix: Allow hyphen and underscore in filename

[hmacr]

Allows hyphen and underscore as valid characters for filename

Related: appwrite/appwrite#10501

Summary by CodeRabbit

• New Features

  • Expanded filename validation to allow dashes (-) and underscores (_), in addition to letters, numbers, and dots.
  • Validation remains strict: only these characters are accepted; empty or non-text inputs are rejected.

• Tests

  • Updated test cases to cover newly accepted filename patterns (e.g., test-test, test_test, mixed combinations).

[coderabbitai]

Walkthrough

Expanded allowed filename characters to include dash and underscore. Replaced regex-based validation with a strip-and-alnum check while retaining early returns for non-string or empty inputs. Updated unit tests to cover new valid patterns.

Changes

Cohort / File(s)	Summary
Validator logic update src/Storage/Validator/FileName.php	Broadened allowed characters to letters, digits, dot, dash, underscore. Switched from regex to stripping non-letters (.,-,_) then ctype_alnum validation. Preserved early-return structure.
Test updates for new cases tests/Storage/Validator/FileNameTest.php	Added test cases validating dash and underscore usage and combined patterns reflecting updated validator rules.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Caller
  participant Validator as FileName Validator

  Caller->>Validator: validate(name)
  alt name is not string or empty
    Validator-->>Caller: false
  else
    Note over Validator: Remove '.', '-', '_' from name
    Validator->>Validator: ctype_alnum(remaining)
    alt remaining is alphanumeric
      Validator-->>Caller: true
    else
      Validator-->>Caller: false
    end
  end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I thump my paws: new names can play—
Dashes, underscores hop this way!
We nibble dots between each bite,
Alnum tests by moonlit night.
With tidy checks, our paths align—
A burrow full of valid file sign. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title accurately and concisely summarizes the main change of allowing hyphens and underscores in filenames and follows conventional commit message style, making the primary update clear at a glance.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix-filename-validator

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

tests/Storage/Validator/FileNameTest.php (1)

32-34: LGTM! Test coverage aligns with the updated validation.

The new test cases correctly verify that hyphens, underscores, and dots are now accepted in filenames.

Consider adding edge case tests for filenames consisting only of special characters (e.g., '---', '___', '...') to explicitly verify they are rejected, and filenames starting/ending with special characters (e.g., '.hidden', 'file-') to confirm they are accepted. This would make the test suite more comprehensive.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5562a61 and 0929e0c.

📒 Files selected for processing (2)

• src/Storage/Validator/FileName.php (2 hunks)
• tests/Storage/Validator/FileNameTest.php (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

tests/Storage/Validator/FileNameTest.php (1)

src/Storage/Validator/FileName.php (1)

• isValid (23-38)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Build & Unit

🔇 Additional comments (2)

src/Storage/Validator/FileName.php (2)

18-18: LGTM! Documentation updated accurately.

The docstring now correctly describes the expanded character set, including the newly allowed hyphen and underscore.

---

33-33: LGTM! Validation logic is correct and more maintainable.

The strip-and-check approach correctly handles the expanded character set while maintaining security:

• Filenames with only special characters (e.g., '---', '...') are correctly rejected since ctype_alnum('') returns false
• Path traversal attempts (e.g., '../test') remain blocked because the forward slash is not removed and fails the alphanumeric check
• The implementation is simpler and more readable than regex-based validation