makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[feature/attach-dl] Moved filename cleaning into own function

Browse source 
PHPBB3-11042
This commit is contained in:
Fyorl 2012-08-14 11:42:23 +01:00
parent e8830c3369
commit 20ecd046da
2 changed files with 22 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
phpBB/download/file.php
View file

@ -374,14 +374,7 @@ else
trigger_error('ERROR_NO_ATTACHMENT');
}
$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
$clean_name = current($row);
// rawurlencode to convert any potentially 'bad' characters that we missed
$clean_name = rawurlencode(str_replace($bad_chars, '_', $clean_name));
// Turn the %xx entities created by rawurlencode to _
$clean_name = preg_replace("/%(\w{2})/", '_', $clean_name);
$clean_name = phpbb_download_clean_filename(current($row));
$suffix = '_' . (($post_id) ? $post_id : $topic_id) . '_' . $clean_name;
$store_name = 'att_' . time() . '_' . unique_id();

21
phpBB/includes/functions_download.php
View file

@ -647,3 +647,24 @@ function phpbb_download_check_forum_auth($db, $auth, $topic_id)
trigger_error('SORRY_AUTH_VIEW_ATTACH');
}
}
/**
* Cleans a filename of any characters that could potentially cause a problem on
* a user's filesystem.
*
* @param string $filename The filename to clean
*
* @return string The cleaned filename
*/
function phpbb_download_clean_filename($filename)
{
$bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
// rawurlencode to convert any potentially 'bad' characters that we missed
$filename = rawurlencode(str_replace($bad_chars, '_', $filename));
// Turn the %xx entities created by rawurlencode to _
$filename = preg_replace("/%(\w{2})/", '_', $filename);
return $filename;
}