diff options
| author | Fyorl <gaelreth@gmail.com> | 2012-08-14 11:42:23 +0100 |
|---|---|---|
| committer | Fyorl <gaelreth@gmail.com> | 2012-08-14 11:42:23 +0100 |
| commit | 20ecd046daf660a7cb5ae7079cea9a6ed26c9bab (patch) | |
| tree | f6f38018513abdef666ce46fb026353c6495a9e2 /phpBB | |
| parent | e8830c3369dbd4b25a4798eeb3fe2c7834825c42 (diff) | |
| download | forums-20ecd046daf660a7cb5ae7079cea9a6ed26c9bab.tar forums-20ecd046daf660a7cb5ae7079cea9a6ed26c9bab.tar.gz forums-20ecd046daf660a7cb5ae7079cea9a6ed26c9bab.tar.bz2 forums-20ecd046daf660a7cb5ae7079cea9a6ed26c9bab.tar.xz forums-20ecd046daf660a7cb5ae7079cea9a6ed26c9bab.zip | |
[feature/attach-dl] Moved filename cleaning into own function
PHPBB3-11042
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/download/file.php | 9 | ||||
| -rw-r--r-- | phpBB/includes/functions_download.php | 21 |
2 files changed, 22 insertions, 8 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php index 1aeaceb824..4a89aca3e6 100644 --- a/phpBB/download/file.php +++ b/phpBB/download/file.php @@ -374,14 +374,7 @@ else trigger_error('ERROR_NO_ATTACHMENT'); } - $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|'); - $clean_name = current($row); - - // rawurlencode to convert any potentially 'bad' characters that we missed - $clean_name = rawurlencode(str_replace($bad_chars, '_', $clean_name)); - - // Turn the %xx entities created by rawurlencode to _ - $clean_name = preg_replace("/%(\w{2})/", '_', $clean_name); + $clean_name = phpbb_download_clean_filename(current($row)); $suffix = '_' . (($post_id) ? $post_id : $topic_id) . '_' . $clean_name; $store_name = 'att_' . time() . '_' . unique_id(); diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php index 22f217909c..f866c6bbfb 100644 --- a/phpBB/includes/functions_download.php +++ b/phpBB/includes/functions_download.php @@ -647,3 +647,24 @@ function phpbb_download_check_forum_auth($db, $auth, $topic_id) trigger_error('SORRY_AUTH_VIEW_ATTACH'); } } + +/** +* Cleans a filename of any characters that could potentially cause a problem on +* a user's filesystem. +* +* @param string $filename The filename to clean +* +* @return string The cleaned filename +*/ +function phpbb_download_clean_filename($filename) +{ + $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|'); + + // rawurlencode to convert any potentially 'bad' characters that we missed + $filename = rawurlencode(str_replace($bad_chars, '_', $filename)); + + // Turn the %xx entities created by rawurlencode to _ + $filename = preg_replace("/%(\w{2})/", '_', $filename); + + return $filename; +} |