[feature/attach-dl] Moved filename cleaning into own function

PHPBB3-11042

phpBB/download/file.php

@@ -374,14 +374,7 @@ else
 		trigger_error('ERROR_NO_ATTACHMENT');
 	}
 
-	$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
+	$clean_name = phpbb_download_clean_filename(current($row));
-	$clean_name = current($row);
-
-	// rawurlencode to convert any potentially 'bad' characters that we missed
-	$clean_name = rawurlencode(str_replace($bad_chars, '_', $clean_name));
-
-	// Turn the %xx entities created by rawurlencode to _
-	$clean_name = preg_replace("/%(\w{2})/", '_', $clean_name);
 	$suffix = '_' . (($post_id) ? $post_id : $topic_id) . '_' . $clean_name;
 
 	$store_name = 'att_' . time() . '_' . unique_id();

phpBB/includes/functions_download.php

@@ -647,3 +647,24 @@ function phpbb_download_check_forum_auth($db, $auth, $topic_id)
 		trigger_error('SORRY_AUTH_VIEW_ATTACH');
 	}
 }
+
+/**
+* Cleans a filename of any characters that could potentially cause a problem on
+* a user's filesystem.
+*
+* @param string $filename The filename to clean
+*
+* @return string The cleaned filename
+*/
+function phpbb_download_clean_filename($filename)
+{
+	$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
+
+	// rawurlencode to convert any potentially 'bad' characters that we missed
+	$filename = rawurlencode(str_replace($bad_chars, '_', $filename));
+
+	// Turn the %xx entities created by rawurlencode to _
+	$filename = preg_replace("/%(\w{2})/", '_', $filename);
+
+	return $filename;
+}