From 63f6008a0a707b0723075fb6badac13ddb2716f7 Mon Sep 17 00:00:00 2001
From: Leo Vasanko
Date: Tue, 7 Nov 2023 16:47:41 -0800
Subject: [PATCH] Stricter filename sanitation
---
 cista/util/filename.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/cista/util/filename.py b/cista/util/filename.py
index c464b2d..9fb3108 100644
--- a/cista/util/filename.py
+++ b/cista/util/filename.py
@@ -10,4 +10,7 @@ def sanitize(filename: str) -> str:
 filename = filename.replace("\\", "-")
 filename = sanitize_filepath(filename)
 filename = filename.strip("/")
- return PurePosixPath(filename).as_posix()
+ p = PurePosixPath(filename)
+ if any(n.startswith(".") for n in p.parts):
+ raise ValueError("Filenames starting with dot are not allowed")
+ return p.as_posix()
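Review bot: The new component check in `sanitize` misses an input that is empty (or only `.`) after `strip("/")`: `PurePosixPath("")` has no `parts`, so `any(...)` is false and `as_posix()` still returns `"."`, a dot name the error message says is not allowed. If no caller relies on sanitizing the root path, extend the guard to `if not p.parts or any(n.startswith(".") for n in p.parts):`; otherwise a comment should state that `"."` is the intended result for the root. The check applies to every directory component, not only the final filename, so a docstring line such as `"""Reject any path component that begins with a dot (hidden files, "..")."""` would make the contract explicit. The opening lines of `sanitize` and its callers are outside the hunk, so it is worth confirming that callers turn the new `ValueError` into a client error rather than an unhandled exception.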