[freeside-commits] freeside/httemplate/edit/process cust_main_attach.cgi, 1.4, 1.4.4.1
Mark Wells
mark at wavetail.420.am
Sun Jul 31 01:11:37 PDT 2011
Update of /home/cvs/cvsroot/freeside/httemplate/edit/process
In directory wavetail.420.am:/tmp/cvs-serv4181/httemplate/edit/process
Modified Files:
Tag: FREESIDE_2_1_BRANCH
cust_main_attach.cgi
Log Message:
clean attachment filenames, #13843
Index: cust_main_attach.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_main_attach.cgi,v
retrieving revision 1.4
retrieving revision 1.4.4.1
diff -u -w -d -r1.4 -r1.4.4.1
--- cust_main_attach.cgi 31 Mar 2010 07:35:46 -0000 1.4
+++ cust_main_attach.cgi 31 Jul 2011 08:11:34 -0000 1.4.4.1
@@ -24,6 +24,10 @@
or die "Illegal attachnum: ". $cgi->param('attachnum');
my $attachnum = $1;
+my $filename = $cgi->param('file');
+# strip directory names; thanks, IE7
+$filename =~ s!.*[\/\\]!!;
+
my $curuser = $FS::CurrentUser::CurrentUser;
my $delete = $cgi->param('delete');
@@ -49,7 +53,7 @@
else {
map { $new->$_($old->$_) }
('_date', 'otaker', 'body', 'disabled');
- $new->filename($cgi->param('filename') || $old->filename);
+ $new->filename($filename || $old->filename);
$new->mime_type($cgi->param('mime_type') || $old->mime_type);
$new->title($cgi->param('title'));
if($delete and not $old->disabled) {
@@ -62,10 +66,10 @@
}
else { # This is a new attachment, so require a file.
- my $filename = $cgi->param('file');
if($filename) {
$new->filename($filename);
- $new->mime_type($cgi->uploadInfo($filename)->{'Content-Type'});
+ # use the original filename here, not the stripped form
+ $new->mime_type($cgi->uploadInfo($cgi->param('file'))->{'Content-Type'});
$new->title($cgi->param('title'));
local $/;
More information about the freeside-commits
mailing list