[freeside-commits] freeside/httemplate/edit/process cust_main_attach.cgi, 1.4, 1.5

Mark Wells mark at wavetail.420.am
Sun Jul 31 01:11:53 PDT 2011


Update of /home/cvs/cvsroot/freeside/httemplate/edit/process
In directory wavetail.420.am:/tmp/cvs-serv4328/httemplate/edit/process

Modified Files:
	cust_main_attach.cgi 
Log Message:
clean attachment filenames, #13843

Index: cust_main_attach.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_main_attach.cgi,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -w -d -r1.4 -r1.5
--- cust_main_attach.cgi	31 Mar 2010 07:35:46 -0000	1.4
+++ cust_main_attach.cgi	31 Jul 2011 08:11:51 -0000	1.5
@@ -24,6 +24,10 @@
   or die "Illegal attachnum: ". $cgi->param('attachnum');
 my $attachnum = $1;
 
+my $filename = $cgi->param('file');
+# strip directory names; thanks, IE7
+$filename =~ s!.*[\/\\]!!;
+
 my $curuser = $FS::CurrentUser::CurrentUser;
 
 my $delete = $cgi->param('delete');
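Review bot: The added strip on `$filename` is not anchored across line breaks: `.` does not match a newline without `/s`, so a client-supplied name with separators on both sides of a newline keeps the later separator after this substitution. `$cgi->param('file')` is also undefined when an existing attachment is edited without a new upload, so the `s!!!` runs on undef and warns if warnings are enabled. I would write `$filename = '' unless defined $filename;` followed by `$filename =~ s!.*[/\\]!!s;`. A short comment should also say that the result is still a client-chosen string (control characters and an empty result are possible) and must be treated as untrusted wherever it is stored or sent back.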
@@ -49,7 +53,7 @@
   else {
     map { $new->$_($old->$_) } 
       ('_date', 'otaker', 'body', 'disabled');
-    $new->filename($cgi->param('filename') || $old->filename);
+    $new->filename($filename || $old->filename);
     $new->mime_type($cgi->param('mime_type') || $old->mime_type);
     $new->title($cgi->param('title'));
     if($delete and not $old->disabled) {
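Review bot: The edit branch previously read the new name from the `filename` parameter and now reads it from the stripped `file` parameter, which is a change of input field and not only a cleanup. If the edit form still posts a `filename` field (the form is not visible here), a rename is now silently dropped and `$old->filename` is kept. If that field is still in use, it should get the same stripping instead of being ignored, e.g. `my $rename = $cgi->param('filename');`, `$rename =~ s!.*[/\\]!!s if defined $rename;` and `$new->filename($rename || $filename || $old->filename);`. The enclosing `else` block starts and ends outside this hunk.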
@@ -62,10 +66,10 @@
 }
 else { # This is a new attachment, so require a file.
 
-  my $filename = $cgi->param('file');
   if($filename) {
     $new->filename($filename);
-    $new->mime_type($cgi->uploadInfo($filename)->{'Content-Type'});
+    # use the original filename here, not the stripped form
+    $new->mime_type($cgi->uploadInfo($cgi->param('file'))->{'Content-Type'});
     $new->title($cgi->param('title'));
     
     local $/;
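Review bot: `$cgi->uploadInfo(...)` is dereferenced directly on the changed `mime_type` line, so a request where `file` arrives as an ordinary form field rather than a multipart upload would, as far as I can tell, yield no info hash and die on the `->{'Content-Type'}` lookup. The inner `$cgi->param('file')` is also evaluated in list context as an argument, so `scalar` would make the intent explicit. Suggested: `my $info = $cgi->uploadInfo(scalar $cgi->param('file')) || {};` then `$new->mime_type($info->{'Content-Type'});`. The stored Content-Type is whatever the client sent, so a comment should note that it has to be validated or overridden before it is used as a response header when the attachment is served. The `if($filename)` block continues past the end of this hunk.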


