From cef587abc232e74a6844ca4e84cd84e2f51d4220 Mon Sep 17 00:00:00 2001
From: Liu An <asiro@qq.com>
Date: Thu, 12 Jun 2025 11:37:25 +0800
Subject: [PATCH] Fix: Add validation for dataset name in KB update API (#8194)

### What problem does this PR solve?

Validate dataset name in knowledge base update endpoint to ensure:
- Name is a non-empty string
- Name length doesn't exceed DATASET_NAME_LIMIT
- Whitespace is trimmed before processing

Prevents invalid dataset names from being saved and provides clear error
messages.

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
---
 api/apps/kb_app.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/api/apps/kb_app.py b/api/apps/kb_app.py
index 9c37f96b4..ce118b2c2 100644
--- a/api/apps/kb_app.py
+++ b/api/apps/kb_app.py
@@ -79,7 +79,15 @@ def create():
 @not_allowed_parameters("id", "tenant_id", "created_by", "create_time", "update_time", "create_date", "update_date", "created_by")
 def update():
     req = request.json
+    if not isinstance(req["name"], str):
+        return get_data_error_result(message="Dataset name must be string.")
+    if req["name"].strip() == "":
+        return get_data_error_result(message="Dataset name can't be empty.")
+    if len(req["name"].encode("utf-8")) > DATASET_NAME_LIMIT:
+        return get_data_error_result(
+            message=f"Dataset name length is {len(req['name'])} which is large than {DATASET_NAME_LIMIT}")
     req["name"] = req["name"].strip()
+
     if not KnowledgebaseService.accessible4deletion(req["kb_id"], current_user.id):
         return get_json_result(
             data=False,