From 8fb3a028995b0a5d737fb585c6e6c7651e00b777 Mon Sep 17 00:00:00 2001
From: ArulmozhiSF4964 <arulmozhi.sankar@syncfusion.com>
Date: Wed, 17 Sep 2025 18:52:58 +0530
Subject: [PATCH 1/2] 959914: Resolved the SQL provider network issue in the
 file manager component.

---
 Models/SQLFileProvider.cs | 35 ++++++++++++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 3 deletions(-)

diff --git a/Models/SQLFileProvider.cs b/Models/SQLFileProvider.cs
index f53d082..6c28b55 100644
--- a/Models/SQLFileProvider.cs
+++ b/Models/SQLFileProvider.cs
@@ -580,7 +580,11 @@ public FileStreamResult Download(string path, string[] names, params FileManager
                                     if (isFile)
                                     {
                                         string safePath = SanitizeAndValidatePath(Path.GetTempPath() + files[i]);
-                                        zipEntry = archive.CreateEntryFromFile(safePath, files[i], CompressionLevel.Fastest);
+                                        string sanitizedEntryName = SanitizeZipEntryName(files[i]);
+                                        if (!string.IsNullOrEmpty(sanitizedEntryName))
+                                        {
+                                            zipEntry = archive.CreateEntryFromFile(safePath, sanitizedEntryName, CompressionLevel.Fastest);
+                                        }
                                     }
                                     else
                                     {
@@ -628,7 +632,11 @@ public void DownloadFolder(ZipArchive archive, string subFolderName, SqlConnecti
                 string parentID = "";
                 string fileName = "";
                 bool isFile = false;
-                zipEntry = archive.CreateEntry(folderName + "/");
+                string sanitizedFolderName = SanitizeZipEntryName(folderName + "/");
+                if (!string.IsNullOrEmpty(sanitizedFolderName))
+                {
+                    zipEntry = archive.CreateEntry(sanitizedFolderName);
+                }
                 SqlCommand readCommand = new SqlCommand("SELECT * FROM " + tableName + " WHERE Name = @SubFolderName", sqlConnection);
                 readCommand.Parameters.AddWithValue("@SubFolderName", subFolderName);
                 SqlDataReader readCommandReader = readCommand.ExecuteReader();
@@ -654,7 +662,12 @@ public void DownloadFolder(ZipArchive archive, string subFolderName, SqlConnecti
                         {
                             file.Write(fileContent, 0, fileContent.Length);
                             file.Close();
-                            zipEntry = archive.CreateEntryFromFile(safePath, folderName + "\\" + fileName, CompressionLevel.Fastest);
+                            string entryPath = folderName + "/" + fileName;
+                            string sanitizedEntryName = SanitizeZipEntryName(entryPath);
+                            if (!string.IsNullOrEmpty(sanitizedEntryName))
+                            {
+                                zipEntry = archive.CreateEntryFromFile(safePath, sanitizedEntryName, CompressionLevel.Fastest);
+                            }
                         }
                         if (System.IO.File.Exists(safePath))
                             System.IO.File.Delete(safePath);
@@ -1987,6 +2000,22 @@ private string SanitizeAndValidatePath(string path)
 
             return fullPath;
         }
+
+        private string SanitizeZipEntryName(string entryName)
+        {
+            if (string.IsNullOrEmpty(entryName))
+            {
+                return string.Empty;
+            }
+            string sanitized = entryName.Replace('\\', '/');
+            while (sanitized.Contains("../"))
+            {
+                sanitized = sanitized.Replace("../", "");
+            }
+            sanitized = sanitized.TrimStart('/');
+
+            return sanitized;
+        }
     }
 }
 

From ac850faa61a3428e4082d2f7bfd2bf8325e5f5d5 Mon Sep 17 00:00:00 2001
From: ArulmozhiSF4964 <197725947+ArulmozhiSF4964@users.noreply.github.com>
Date: Wed, 17 Sep 2025 19:17:12 +0530
Subject: [PATCH 2/2] Update SQLFileProvider.cs

---
 Models/SQLFileProvider.cs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Models/SQLFileProvider.cs b/Models/SQLFileProvider.cs
index 6c28b55..fda6af5 100644
--- a/Models/SQLFileProvider.cs
+++ b/Models/SQLFileProvider.cs
@@ -2013,7 +2013,6 @@ private string SanitizeZipEntryName(string entryName)
                 sanitized = sanitized.Replace("../", "");
             }
             sanitized = sanitized.TrimStart('/');
-
             return sanitized;
         }
     }