Codex-generated pull request #26

Merged: rad1092 merged 2 commits into main from codex/evaluate-current-project-completion-level on Feb 15, 2026

@rad1092 (Owner) commented Feb 15, 2026

Codex generated this pull request, but encountered an unexpected error after generation. This is a placeholder PR message.


Codex Task

@rad1092 rad1092 merged commit 6f246f3 into main Feb 15, 2026
4 checks passed
@rad1092 rad1092 deleted the codex/evaluate-current-project-completion-level branch February 15, 2026 00:40
@chatgpt-codex-connector

💡 Codex Review

path = Path(td) / name
path.write_text(text, encoding="utf-8")

P1: Sanitize uploaded names before creating temp CSV paths

/api/multi-analyze uses the client-supplied name directly in Path(td) / name, so a request with name like ../../foo.csv or an absolute path can escape the temporary directory and overwrite arbitrary files writable by the server process. This is a real file-write vulnerability whenever the API is reachable (including --host 0.0.0.0), so the filename should be reduced to a safe basename and validated before writing.



P2: Quote %~dp0 when changing directories in startup script

cd /d %~dp0 fails when the project path contains spaces (for example under C:\Users\<name>\...), which prevents the script from entering the repo reliably before creating .venv and installing packages. Wrapping %~dp0 in quotes avoids this Windows path parsing failure.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
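
Added example (not part of the pull request or the Codex review): a Python sketch of the P1 finding above, placing the `Path(td) / name` join next to a hardened variant that reduces the name to a basename and validates it before use. The helpers `naive_path`, `is_inside` and `safe_csv_path` and the sample names are hypothetical and constructed for illustration.

```python
import tempfile
from pathlib import Path, PurePosixPath, PureWindowsPath


def naive_path(base_dir, client_name):
    # Pattern flagged in the review: the client-supplied name is joined as-is.
    return Path(base_dir) / client_name


def is_inside(base_dir, path):
    # True when path, with ".." and symlinks resolved, stays under base_dir.
    return Path(base_dir).resolve() in Path(path).resolve().parents


def safe_csv_path(base_dir, client_name):
    # Hypothetical helper: reduce the name to a basename, validate it, and
    # confirm the final path is a direct child of base_dir.
    if not isinstance(client_name, str) or "\x00" in client_name:
        raise ValueError("invalid name")
    # Strip directories under both POSIX and Windows rules, so "../../foo.csv",
    # "/tmp/foo.csv" and "C:\\data\\foo.csv" all reduce to "foo.csv".
    leaf = PureWindowsPath(PurePosixPath(client_name).name).name
    if leaf in ("", ".", "..") or not leaf.lower().endswith(".csv"):
        raise ValueError("not a usable .csv file name")
    base = Path(base_dir).resolve()
    candidate = (base / leaf).resolve()
    if candidate.parent != base:
        raise ValueError("escapes base directory")
    return candidate


def demo():
    # Constructed sample names, not taken from the project.
    names = ["report.csv", "../../foo.csv", "/tmp/foo.csv",
             "C:\\data\\foo.csv", "..", "notes.txt"]
    results = {}
    with tempfile.TemporaryDirectory() as td:
        for name in names:
            try:
                hardened = safe_csv_path(td, name).name
            except ValueError as exc:
                hardened = f"rejected: {exc}"
            results[name] = (is_inside(td, naive_path(td, name)), hardened)
    return results


if __name__ == "__main__":
    for name, (naive_ok, hardened) in demo().items():
        print(f"{name!r:22} naive inside: {naive_ok!s:5} hardened: {hardened}")
```

The final `candidate.parent != base` comparison is a second check after basename reduction, so a mistake in the name handling still cannot produce a path outside the temporary directory.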
