X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fprocess%2Fcust_main_attach.cgi;h=cdf93ceabb3b6f4f07707196de0baa7c3f5446c8;hb=1fc8addc56f8daf12397da568eb1ac1b27fd3984;hp=291135718c8199d242d296cb814b82a75f0f2001;hpb=b5c4237a34aef94976bc343c8d9e138664fc3984;p=freeside.git

diff --git a/httemplate/edit/process/cust_main_attach.cgi b/httemplate/edit/process/cust_main_attach.cgi
index 291135718..cdf93ceab 100644
--- a/httemplate/edit/process/cust_main_attach.cgi
+++ b/httemplate/edit/process/cust_main_attach.cgi
@@ -7,11 +7,7 @@
 % $act = 'purged' if($attachnum and $purge);
 % $act = 'undeleted' if($attachnum and $undelete);
 % $act = 'deleted' if($attachnum and $delete);
-<% header('Attachment ' . $act ) %>
-    <SCRIPT TYPE="text/javascript">
-      window.top.location.reload();
-    </SCRIPT>
-    </BODY></HTML>
+<& /elements/popup-topreload.html, mt("Attachment $act") &>
 % }
 <%init>
 
@@ -24,6 +20,10 @@ $cgi->param('attachnum') =~ /^(\d*)$/
   or die "Illegal attachnum: ". $cgi->param('attachnum');
 my $attachnum = $1;
 
+my $filename = $cgi->param('file');
+# strip directory names; thanks, IE7
+$filename =~ s!.*[\/\\]!!;
+
 my $curuser = $FS::CurrentUser::CurrentUser;
 
 my $delete = $cgi->param('delete');
@@ -49,9 +49,9 @@ if($attachnum) {
   else {
     map { $new->$_($old->$_) } 
       ('_date', 'otaker', 'body', 'disabled');
-    $new->filename($cgi->param('filename') || $old->filename);
+    $new->filename($filename || $old->filename);
     $new->mime_type($cgi->param('mime_type') || $old->mime_type);
-    $new->title($cgi->param('title'));
+    $new->title( scalar($cgi->param('title')) );
     if($delete and not $old->disabled) {
       $new->disabled(time);
     }
@@ -62,11 +62,13 @@ if($attachnum) {
 }
 else { # This is a new attachment, so require a file.
 
-  my $filename = $cgi->param('file');
   if($filename) {
     $new->filename($filename);
-    $new->mime_type($cgi->uploadInfo($filename)->{'Content-Type'});
-    $new->title($cgi->param('title'));
+    # use the original filename here, not the stripped form
+    $new->mime_type(
+      $cgi->uploadInfo( scalar($cgi->param('file')) )->{'Content-Type'}
+    );
+    $new->title( scalar($cgi->param('title')) );
     
     local $/;
     my $fh = $cgi->upload('file');