From 048b160d0452ba54dfe68747db79a7be43d2eb60 Mon Sep 17 00:00:00 2001
From: warrenchen <warrenchen@innovedus.com>
Date: Wed, 10 Dec 2025 18:00:11 +0900
Subject: [PATCH] Refactor Dockerfile and Dockerfile.Staging to streamline
 package installations; enhance PictureService for safer SEO filename handling

---
 Dockerfile                                         |  5 ++---
 Dockerfile.Staging                                 |  5 ++---
 src/Libraries/Nop.Services/Media/PictureService.cs | 12 ++++++++++--
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d02c390..d5bb2db 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -50,9 +50,8 @@ RUN apk add --no-cache icu-libs icu-data-full
 ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
 
 # installs required packages
-RUN apk add tiff --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/main/ --allow-untrusted
-RUN apk add libgdiplus --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/community/ --allow-untrusted
-RUN apk add libc-dev tzdata --no-cache
+RUN apk add --no-cache tiff libc-dev tzdata
+RUN apk add --no-cache libgdiplus --repository https://dl-cdn.alpinelinux.org/alpine/edge/community/ --allow-untrusted
 
 # copy entrypoint script
 COPY ./entrypoint.sh /entrypoint.sh
diff --git a/Dockerfile.Staging b/Dockerfile.Staging
index de3659c..a4f077e 100755
--- a/Dockerfile.Staging
+++ b/Dockerfile.Staging
@@ -50,9 +50,8 @@ RUN apk add --no-cache icu-libs icu-data-full
 ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false
 
 # installs required packages
-RUN apk add tiff --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/main/ --allow-untrusted
-RUN apk add libgdiplus --no-cache --repository http://dl-3.alpinelinux.org/alpine/edge/community/ --allow-untrusted
-RUN apk add libc-dev tzdata --no-cache
+RUN apk add --no-cache tiff libc-dev tzdata
+RUN apk add --no-cache libgdiplus --repository https://dl-cdn.alpinelinux.org/alpine/edge/community/ --allow-untrusted
 
 # copy entrypoint script
 COPY ./entrypoint.sh /entrypoint.sh
diff --git a/src/Libraries/Nop.Services/Media/PictureService.cs b/src/Libraries/Nop.Services/Media/PictureService.cs
index 0193aa0..ecd3290 100755
--- a/src/Libraries/Nop.Services/Media/PictureService.cs
+++ b/src/Libraries/Nop.Services/Media/PictureService.cs
@@ -11,6 +11,7 @@ using Nop.Services.Logging;
 using Nop.Services.Seo;
 using SkiaSharp;
 using Svg.Skia;
+using System.IO;
 
 namespace Nop.Services.Media;
 
@@ -597,7 +598,14 @@ public partial class PictureService : IPictureService
                 false);
         }
 
-        var seoFileName = picture.SeoFilename; // = GetPictureSeName(picture.SeoFilename); //just for sure
+        var seoFileName = picture.SeoFilename;
+        if (!string.IsNullOrEmpty(seoFileName))
+        {
+            // ensure seo filename is safe for filesystem (especially on Windows)
+            seoFileName = await GetPictureSeNameAsync(seoFileName);
+            var invalidChars = Path.GetInvalidFileNameChars();
+            seoFileName = string.Concat(seoFileName.Split(invalidChars, StringSplitOptions.RemoveEmptyEntries));
+        }
 
         var lastPart = await GetFileExtensionFromMimeTypeAsync(picture.MimeType);
 
@@ -1252,4 +1260,4 @@ public partial class PictureService : IPictureService
     }
 
     #endregion
-}
\ No newline at end of file
+}