From d66d3c81e5101fbdf495c6e4a9dcd86e275200ad Mon Sep 17 00:00:00 2001
From: "kiloconnect[bot]" <240665456+kiloconnect[bot]@users.noreply.github.com>
Date: Wed, 1 Apr 2026 11:53:53 +0000
Subject: [PATCH] fix(admin): sanitize user ID slashes and colons in download
 filename

---
 src/app/admin/api/api-request-log/download/route.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/app/admin/api/api-request-log/download/route.ts b/src/app/admin/api/api-request-log/download/route.ts
index fff3b527ac..f9787e88c0 100644
--- a/src/app/admin/api/api-request-log/download/route.ts
+++ b/src/app/admin/api/api-request-log/download/route.ts
@@ -125,7 +125,8 @@ export async function GET(request: NextRequest) {
     },
   });
 
-  const filename = `api-request-log_${userId}_${startDate}_${endDate}.zip`;
+  const safeUserId = userId.replaceAll('/', '-').replaceAll(':', '-');
+  const filename = `api-request-log_${safeUserId}_${startDate}_${endDate}.zip`;
 
   return new Response(webStream, {
     headers: {