Fix cases of broken user:// paths.

* Properly validate paths when supplying the project name.
* Ensures that the user data dir will always be valid.

Fixes 69366.

2 files changed, 14 insertions, 4 deletions

diff --git a/core/os/os.cpp b/core/os/os.cpp
index c6fa8d307b..86469852e3 100644
--- a/core/os/os.cpp
+++ b/core/os/os.cpp
@@ -203,16 +203,26 @@ uint64_t OS::get_embedded_pck_offset() const {
 }
 
 // Helper function to ensure that a dir name/path will be valid on the OS
-String OS::get_safe_dir_name(const String &p_dir_name, bool p_allow_dir_separator) const {
+String OS::get_safe_dir_name(const String &p_dir_name, bool p_allow_paths) const {
+	String safe_dir_name = p_dir_name;
 	Vector<String> invalid_chars = String(": * ? \" < > |").split(" ");
-	if (p_allow_dir_separator) {
+	if (p_allow_paths) {
 		// Dir separators are allowed, but disallow ".." to avoid going up the filesystem
 		invalid_chars.push_back("..");
+		safe_dir_name = safe_dir_name.replace("\\", "/").strip_edges();
 	} else {
 		invalid_chars.push_back("/");
+		invalid_chars.push_back("\\");
+		safe_dir_name = safe_dir_name.strip_edges();
+
+		// These directory names are invalid.
+		if (safe_dir_name == ".") {
+			safe_dir_name = "dot";
+		} else if (safe_dir_name == "..") {
+			safe_dir_name = "twodots";
+		}
 	}
 
-	String safe_dir_name = p_dir_name.replace("\\", "/").strip_edges();
 	for (int i = 0; i < invalid_chars.size(); i++) {
 		safe_dir_name = safe_dir_name.replace(invalid_chars[i], "-");
 	}
diff --git a/core/os/os.h b/core/os/os.h
index b80efa47b7..c96c675bcb 100644
--- a/core/os/os.h
+++ b/core/os/os.h
@@ -237,7 +237,7 @@ public:
 
 	virtual uint64_t get_embedded_pck_offset() const;
 
-	String get_safe_dir_name(const String &p_dir_name, bool p_allow_dir_separator = false) const;
+	String get_safe_dir_name(const String &p_dir_name, bool p_allow_paths = false) const;
 	virtual String get_godot_dir_name() const;
 
 	virtual String get_data_path() const;