From 20ecd046daf660a7cb5ae7079cea9a6ed26c9bab Mon Sep 17 00:00:00 2001
From: Fyorl
Date: Tue, 14 Aug 2012 11:42:23 +0100
Subject: [PATCH] [feature/attach-dl] Moved filename cleaning into own function PHPBB3-11042
---
 phpBB/download/file.php | 9 +--------
 phpBB/includes/functions_download.php | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 1aeaceb824..4a89aca3e6 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -374,14 +374,7 @@ else
 trigger_error('ERROR_NO_ATTACHMENT');
 }
- $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
- $clean_name = current($row);
-
- // rawurlencode to convert any potentially 'bad' characters that we missed
- $clean_name = rawurlencode(str_replace($bad_chars, '_', $clean_name));
-
- // Turn the %xx entities created by rawurlencode to _
- $clean_name = preg_replace("/%(\w{2})/", '_', $clean_name);
+ $clean_name = phpbb_download_clean_filename(current($row));
 $suffix = '_' . (($post_id) ? $post_id : $topic_id) . '_' . $clean_name;
 $store_name = 'att_' . time() . '_' . unique_id();
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index 22f217909c..f866c6bbfb 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -647,3 +647,24 @@ function phpbb_download_check_forum_auth($db, $auth, $topic_id)
 trigger_error('SORRY_AUTH_VIEW_ATTACH');
 }
 }
+
+/**
+* Cleans a filename of any characters that could potentially cause a problem on
+* a user's filesystem.
+*
+* @param string $filename The filename to clean
+*
+* @return string The cleaned filename
+*/
+function phpbb_download_clean_filename($filename)
+{
+ $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
+
+ // rawurlencode to convert any potentially 'bad' characters that we missed
+ $filename = rawurlencode(str_replace($bad_chars, '_', $filename));
+
+ // Turn the %xx entities created by rawurlencode to _
+ $filename = preg_replace("/%(\w{2})/", '_', $filename);
+
+ return $filename;
+}
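Review bot: The docblock on `phpbb_download_clean_filename()` promises more than the body delivers: `.` is not in `$bad_chars` and `rawurlencode()` leaves it unencoded, so a name consisting only of dots, or one with a leading dot, is returned unchanged. The call site in `download/file.php` prepends `'_' . <post or topic id> . '_'` before using the result, so it is not affected, but as a shared helper the next caller may use the return value as a complete file name. I would state the limit in the docblock, e.g. `* Dots are preserved; do not use the result as a whole file name without a safe prefix.`, or trim leading dots before the `return`. It is also worth documenting that every byte of a multibyte UTF-8 name becomes one `_`, so different non-ASCII names can clean to the same string.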