Fix 30 critical and high severity bugs from audit passes 6-8

Critical fixes: - Prevent path traversal via rename templates (sanitize_filename) - Prevent input == output data loss (paths_are_same check) - Undo now uses actual executor output paths instead of scanning directory - Filter empty paths from output_files (prevents trashing CWD on undo) - Sanitize URL download filenames to prevent path traversal writes High severity fixes: - Fix EXIF orientation 5/7 transforms per spec - Atomic file creation in find_unique_path (TOCTOU race) - Clean up 0-byte placeholder files on encoding failure - Cap canvas padding to 10000px, total dimensions to 65535 - Clamp crop dimensions to minimum 1px - Clamp DPI to 65535 before u16 cast in JPEG encoder - Force pixel path for non-JPEG/TIFF metadata stripping - Fast path now applies regex find/replace on rename stem - Add output_dpi to needs_pixel_processing check - Cap watermark image scale dimensions to 16384 - Cap template counter padding to 10 - Cap URL download size to 100MB - Fix progress bar NaN when total is zero - Fix calculate_eta underflow when current > total - Fix loaded.len()-1 underflow in preview callbacks - Replace ListItem downcast unwrap with if-let - Fix resize preview division by zero on degenerate images - Clamp rename cursor position to prevent overflow panic - Watch mode: skip output dirs to prevent infinite loop - Watch mode: drop tx sender so channel closes on exit - Watch mode: add delay for partially-written files - Watch mode: warn and skip unmatched files instead of wrong preset - Clean temp download directory on app close - Replace action downcast unwrap with checked if-let - Add BatchResult.output_files for accurate undo tracking
2026-03-07 20:49:10 +02:00
parent b432cc7431
commit adef810691
14 changed files with 207 additions and 106 deletions
--- a/pixstrip-gtk/src/app.rs
+++ b/pixstrip-gtk/src/app.rs
@@ -211,9 +211,9 @@ pub fn build_app() -> adw::Application {
                    .map(|p| p.display().to_string())
                    .collect::<Vec<_>>()
                    .join("\n");
-                action.downcast_ref::<gtk::gio::SimpleAction>()
-                    .unwrap()
-                    .activate(Some(&paths_str.to_variant()));
+                if let Some(simple) = action.downcast_ref::<gtk::gio::SimpleAction>() {
+                    simple.activate(Some(&paths_str.to_variant()));
+                }
            }
        }
    });
@@ -617,6 +617,13 @@ fn build_ui(app: &adw::Application) {
            state.expanded_sections = app_state_for_close.expanded_sections.borrow().clone();

            let _ = session.save(&state);
+
+            // Clean up temporary download directory
+            let temp_downloads = std::env::temp_dir().join("pixstrip-downloads");
+            if temp_downloads.exists() {
+                let _ = std::fs::remove_dir_all(&temp_downloads);
+            }
+
            glib::Propagation::Proceed
        });
    }
@@ -2043,7 +2050,7 @@ fn continue_processing(
                    file,
                } => {
                    if let Some(ref bar) = progress_bar {
-                        let frac = current as f64 / total as f64;
+                        let frac = if total > 0 { (current as f64 / total as f64).clamp(0.0, 1.0) } else { 0.0 };
                        bar.set_fraction(frac);
                        bar.set_text(Some(&format!("{}/{} - {}", current, total, file)));
                        bar.update_property(&[
@@ -2122,17 +2129,8 @@ fn show_results(
        .map(|p| p.display().to_string())
        .unwrap_or_default();

-    // Collect actual output files from the output directory
-    let output_files: Vec<String> = if let Some(ref dir) = *ui.state.output_dir.borrow() {
-        std::fs::read_dir(dir)
-            .into_iter()
-            .flatten()
-            .filter_map(|e| e.ok())
-            .map(|e| e.path().display().to_string())
-            .collect()
-    } else {
-        vec![]
-    };
+    // Use actual output file paths from the executor (only successfully written files)
+    let output_files: Vec<String> = result.output_files.clone();

    let _ = history.add(pixstrip_core::storage::HistoryEntry {
        timestamp: format!(
@@ -2496,9 +2494,12 @@ fn calculate_eta(start: &std::time::Instant, current: usize, total: usize) -> St
    if current == 0 {
        return "Estimating time remaining...".into();
    }
+    if current >= total {
+        return "Almost done...".into();
+    }
    let elapsed = start.elapsed().as_secs_f64();
    let per_image = elapsed / current as f64;
-    let remaining = (total - current) as f64 * per_image;
+    let remaining = (total.saturating_sub(current)) as f64 * per_image;
    if remaining < 1.0 {
        "Almost done...".into()
    } else {