| author | mark <mark> | 2011-07-31 08:11:35 +0000 | 
|---|---|---|
| committer | mark <mark> | 2011-07-31 08:11:35 +0000 | 
| commit | dcc698164f1f2b43a32b5503716fc7329c203714 (patch) | |
| tree | 9d03a81a8d450fe7400f203a96060fc30923bc50 /httemplate/edit/process | |
| parent | 873ec8e0528b7a944aec88936538fe9a04cd0b3f (diff) | |
clean attachment filenames, #13843
Diffstat (limited to 'httemplate/edit/process')
| -rw-r--r-- | httemplate/edit/process/cust_main_attach.cgi | 10 | 
1 files changed, 7 insertions, 3 deletions
| diff --git a/httemplate/edit/process/cust_main_attach.cgi b/httemplate/edit/process/cust_main_attach.cgi
index 291135718..09c18adcb 100644
--- a/httemplate/edit/process/cust_main_attach.cgi
+++ b/httemplate/edit/process/cust_main_attach.cgi
@@ -24,6 +24,10 @@ $cgi->param('attachnum') =~ /^(\d*)$/
   or die "Illegal attachnum: ". $cgi->param('attachnum');
 my $attachnum = $1;
+my $filename = $cgi->param('file');
+# strip directory names; thanks, IE7
+$filename =~ s!.*[\/\\]!!;
+
 my $curuser = $FS::CurrentUser::CurrentUser;
 my $delete = $cgi->param('delete');
@@ -49,7 +53,7 @@ if($attachnum) {
   else {
     map { $new->$_($old->$_) }
        ('_date', 'otaker', 'body', 'disabled');
-    $new->filename($cgi->param('filename') || $old->filename);
+    $new->filename($filename || $old->filename);
     $new->mime_type($cgi->param('mime_type') || $old->mime_type);
     $new->title($cgi->param('title'));
     if($delete and not $old->disabled) {
@@ -62,10 +66,10 @@ if($attachnum) {
 }
 else { # This is a new attachment, so require a file.
-  my $filename = $cgi->param('file');
   if($filename) {
     $new->filename($filename);
-    $new->mime_type($cgi->uploadInfo($filename)->{'Content-Type'});
+    # use the original filename here, not the stripped form
+    $new->mime_type($cgi->uploadInfo($cgi->param('file'))->{'Content-Type'});
     $new->title($cgi->param('title'));
     local $/; |
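Review bot: The added substitution `$filename =~ s!.*[\/\\]!!;` has no `/s` modifier, so `.` stops at a newline and directory separators that follow a line break in the submitted name are not stripped; `$filename =~ s!.*[/\\]!!s;` covers that case. It also runs when no `file` field was posted, which the edit branch appears to allow, so `$filename` can be undefined here; add `if defined $filename`. Nothing rejects a result of `.` or `..` or one holding control characters; whether that matters depends on how `filename` is used later, which the hunk does not show.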
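Review bot: `$new->filename($filename || $old->filename)` takes the name from the `file` upload field, where the line it replaces read the `filename` field, so a `filename` value posted by the edit form is now ignored without notice. If that is intended, a comment such as `# the name now comes from the 'file' upload field only` would record it; if the edit form still posts `filename`, that value needs the same directory stripping before it is stored. The `mime_type` line just below still stores the request value unchanged. The enclosing `if($attachnum)` block starts and ends outside the hunk.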
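Review bot: `$cgi->uploadInfo($cgi->param('file'))` may return undef when `file` arrives as an ordinary form field instead of a multipart upload, and the chained `->{'Content-Type'}` then fails or yields no type; fetch the info first and check it, `my $info = $cgi->uploadInfo($cgi->param('file')) or die "file is not an upload";`. The value stored in `mime_type` is the Content-Type header supplied by the client, so it should be validated against an allow-list or re-derived before it is used to serve the attachment back; how attachments are served is not visible here. The `else` block continues past the end of the hunk.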
