diff options
| author | Fyorl <gaelreth@gmail.com> | 2012-08-07 19:24:13 +0100 |
|---|---|---|
| committer | Fyorl <gaelreth@gmail.com> | 2012-08-07 19:24:13 +0100 |
| commit | f0804f2db65b14b98a77e75f9dae243f2c613b86 (patch) | |
| tree | 7ded57a42fd47e642ad2231e3502d5d66b51bd32 | |
| parent | c4655b32f35d5cd0c7637f33162c190786a48c4b (diff) | |
| download | forums-f0804f2db65b14b98a77e75f9dae243f2c613b86.tar forums-f0804f2db65b14b98a77e75f9dae243f2c613b86.tar.gz forums-f0804f2db65b14b98a77e75f9dae243f2c613b86.tar.bz2 forums-f0804f2db65b14b98a77e75f9dae243f2c613b86.tar.xz forums-f0804f2db65b14b98a77e75f9dae243f2c613b86.zip | |
[feature/attach-dl] Manually clean the topic title/post subject
PHPBB3-11042
| -rw-r--r-- | phpBB/download/file.php | 20 |
1 files changed, 5 insertions, 15 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php index 4b19348bac..d79deadace 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -426,7 +426,6 @@ if ($attachment) if ($attachments) { require_once $phpbb_root_path . 'includes/functions_compress.' . $phpEx; - require_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx; phpbb_increment_downloads($db, $attachment_ids); if (!in_array($archive, compress::methods())) @@ -451,20 +450,11 @@ if ($attachments) $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - $filespec = new filespec(array( - 'tmp_name' => '', - 'size' => 0, - 'name' => ($post_id) ? $row['post_subject'] : $row['topic_title'], - 'type' => '', - )); - $filespec->clean_filename('real'); - $suffix = '_' . (($post_id) ? $post_id : $topic_id) . '_' . $filespec->realname; - - // Remove trailing full stop - if (strrpos($suffix, '.') === strlen($suffix) - 1) - { - $suffix = substr($suffix, 0, strlen($suffix) - 1); - } + $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|'); + $clean_name = ($post_id) ? $row['post_subject'] : $row['topic_title']; + $clean_name = rawurlencode(str_replace($bad_chars, '_', strtolower($clean_name))); + $clean_name = preg_replace("/%(\w{2})/", '_', $clean_name); + $suffix = '_' . (($post_id) ? $post_id : $topic_id) . '_' . $clean_name; $store_name = 'att_' . time() . '_' . unique_id(); $archive_name = 'attachments' . $suffix; |