fix #246: remove any double quotes or single quotes from os.tmpdir al…

…so sanitize dir option, the template option and the name option

CHANGELOG.md

@@ -63,6 +63,13 @@
 
   now using rimraf for removing directory trees.
 
+- [#246](https://github.com/raszi/node-tmp/issues/246)
+
+  ***BUG FIX***
+
+  os.tmpdir() might return a value that includes single or double quotes,
+  similarly so the dir option, the template option and the name option
+
 - [#240](https://github.com/raszi/node-tmp/issues/240)
 
   ***DOCUMENTATION***

lib/tmp.js

@@ -525,7 +525,7 @@ function _assertAndSanitizeOptions(options) {
   options.template = _isBlank(options.template) ? undefined : path.relative(options.dir, options.template);
 
   // for completeness' sake only, also keep (multiple) blanks if the user, purportedly sane, requests us to
-  options.name = _isUndefined(options.name) ? undefined : options.name;
+  options.name = _isUndefined(options.name) ? undefined : _sanitizeName(options.name);
   options.prefix = _isUndefined(options.prefix) ? '' : options.prefix;
   options.postfix = _isUndefined(options.postfix) ? '' : options.postfix;
 }
@@ -542,13 +542,28 @@ function _assertAndSanitizeOptions(options) {
  * @private
  */
 function _resolvePath(name, tmpDir) {
-  if (name.startsWith(tmpDir)) {
-    return path.resolve(name);
+  const sanitizedName = _sanitizeName(name);
+  if (sanitizedName.startsWith(tmpDir)) {
+    return path.resolve(sanitizedName);
   } else {
-    return path.resolve(path.join(tmpDir, name));
+    return path.resolve(path.join(tmpDir, sanitizedName));
   }
 }
 
+/**
+ * Sanitize the specified path name by removing all quote characters.
+ *
+ * @param name
+ * @returns {string}
+ * @private
+ */
+function _sanitizeName(name) {
+  if (_isBlank(name)) {
+    return name;
+  }
+  return name.replace(/["']/g, '');
+}
+
 /**
  * Asserts whether specified name is relative to the specified tmpDir.
  *
@@ -637,7 +652,7 @@ function setGracefulCleanup() {
  * @returns {string} the currently configured tmp dir
  */
 function _getTmpDir() {
-  return path.resolve(os.tmpdir());
+  return path.resolve(_sanitizeName(os.tmpdir()));
 }
 
 // Install process exit listener

test/name-sync-test.js

@@ -7,6 +7,7 @@ const
   inbandStandardTests = require('./name-inband-standard'),
   tmp = require('../lib/tmp');
 
+const isWindows = os.platform() === 'win32';
 
 describe('tmp', function () {
   describe('#tmpNameSync()', function () {
@@ -39,7 +40,9 @@ describe('tmp', function () {
       describe('on issue #176', function () {
         const origfn = os.tmpdir;
         it('must fail on invalid os.tmpdir()', function () {
-          os.tmpdir = function () { return undefined; };
+          os.tmpdir = function () {
+            return undefined;
+          };
           try {
             tmp.tmpNameSync();
             assert.fail('should have failed');
@@ -50,6 +53,35 @@ describe('tmp', function () {
           }
         });
       });
+      describe('on issue #246', function () {
+        const origfn = os.tmpdir;
+        it('must produce correct name on os.tmpdir() returning path that includes double quotes', function () {
+          const tmpdir = isWindows ? '"C:\\Temp With Spaces"' : '"/tmp with spaces"';
+          os.tmpdir = function () {
+            return tmpdir;
+          };
+          const name = tmp.tmpNameSync();
+          try {
+            assert.ok(name.indexOf('"') === -1);
+            assert.ok(name.startsWith(tmpdir.replace(/["']/g, '')));
+          } finally {
+            os.tmpdir = origfn;
+          }
+        });
+        it('must produce correct name on os.tmpdir() returning path that includes single quotes', function () {
+          const tmpdir = isWindows ? '\'C:\\Temp With Spaces\'' : '\'/tmp with spaces\'';
+          os.tmpdir = function () {
+            return tmpdir;
+          };
+          const name = tmp.tmpNameSync();
+          try {
+            assert.ok(name.indexOf('\'') === -1);
+            assert.ok(name.startsWith(tmpdir.replace(/["']/g, '')));
+          } finally {
+            os.tmpdir = origfn;
+          }
+        });
+      });
     });
 
     describe('when running standard outband tests', function () {

test/name-test.js

@@ -7,6 +7,7 @@ const
   inbandStandardTests = require('./name-inband-standard'),
   tmp = require('../lib/tmp');
 
+const isWindows = os.platform() === 'win32';
 
 describe('tmp', function () {
   describe('#tmpName()', function () {
@@ -62,6 +63,39 @@ describe('tmp', function () {
           });
         });
       });
+      describe('on issue #246', function () {
+        const origfn = os.tmpdir;
+        it('must produce correct name on os.tmpdir() returning path that includes double quotes', function (done) {
+          const tmpdir = isWindows ? '"C:\\Temp With Spaces"' : '"/tmp with spaces"';
+          os.tmpdir = function () { return tmpdir; };
+          tmp.tmpName(function (err, name) {
+            try {
+              assert.ok(name.indexOf('"') === -1);
+              assert.ok(name.startsWith(tmpdir.replace(/["']/g, '')));
+            } catch (err) {
+              return done(err);
+            } finally {
+              os.tmpdir = origfn;
+            }
+            done();
+          });
+        });
+        it('must produce correct name on os.tmpdir() returning path that includes single quotes', function (done) {
+          const tmpdir = isWindows ? '\'C:\\Temp With Spaces\'' : '\'/tmp with spaces\'';
+          os.tmpdir = function () { return tmpdir; };
+          tmp.tmpName(function (err, name) {
+            try {
+              assert.ok(name.indexOf('\'') === -1);
+              assert.ok(name.startsWith(tmpdir.replace(/["']/g, '')));
+            } catch (err) {
+              return done(err);
+            } finally {
+              os.tmpdir = origfn;
+            }
+            done();
+          });
+        });
+      });
     });
 
     describe('when running standard outband tests', function () {
@@ -71,4 +105,3 @@ describe('tmp', function () {
     });
   });
 });
-