[Vtigercrm-commits] [vtiger-commits] r11137 - in /vtigercrm/branches/5.0.3: data/CRMEntity.php modules/Settings/savewordtemplate.php soap/customerportal.php

vtigercrm-commits at vtiger.fosslabs.com vtigercrm-commits at vtiger.fosslabs.com
Tue May 29 14:53:14 EDT 2007 

Author: richie
Date: Tue May 29 12:53:07 2007
New Revision: 11137

Log:
* Changed to avoid problems if saving the file if the filename contains space. Now the space in filename will be replaced with _ (underscore)

Modified:
    vtigercrm/branches/5.0.3/data/CRMEntity.php
    vtigercrm/branches/5.0.3/modules/Settings/savewordtemplate.php
    vtigercrm/branches/5.0.3/soap/customerportal.php

Modified: vtigercrm/branches/5.0.3/data/CRMEntity.php
==============================================================================
--- vtigercrm/branches/5.0.3/data/CRMEntity.php (original)
+++ vtigercrm/branches/5.0.3/data/CRMEntity.php Tue May 29 12:53:07 2007
@@ -151,7 +151,7 @@
 
 	
 		// Arbitrary File Upload Vulnerability fix - Philip
-		$binFile = $file_details['name'];
+		$binFile = preg_replace('/\s+/', '_', $file_details['name']);//replace space with _ in filename
 		$ext_pos = strrpos($binFile, ".");
 
 		$ext = substr($binFile, $ext_pos + 1);

Modified: vtigercrm/branches/5.0.3/modules/Settings/savewordtemplate.php
==============================================================================
--- vtigercrm/branches/5.0.3/modules/Settings/savewordtemplate.php (original)
+++ vtigercrm/branches/5.0.3/modules/Settings/savewordtemplate.php Tue May 29 12:53:07 2007
@@ -16,7 +16,7 @@
 
 $uploaddir = $root_directory ."/test/upload/" ;// set this to wherever
 // Arbitrary File Upload Vulnerability fix - Philip
-$binFile = $_FILES['binFile']['name'];
+$binFile =  preg_replace('/\s+/', '_', $_FILES['binFile']['name']);
     $ext_pos = strrpos($binFile, ".");
 
         $ext = substr($binFile, $ext_pos + 1);

Modified: vtigercrm/branches/5.0.3/soap/customerportal.php
==============================================================================
--- vtigercrm/branches/5.0.3/soap/customerportal.php (original)
+++ vtigercrm/branches/5.0.3/soap/customerportal.php Tue May 29 12:53:07 2007
@@ -881,6 +881,8 @@
 
 	$attachmentid = $adb->getUniqueID("vtiger_crmentity");
 
+	//fix for space in file name
+	$filename = preg_replace('/\s+/', '_', $filename);
 	$new_filename = $attachmentid.'_'.$filename;
 
 	$data = base64_decode($filecontents);

More information about the vtigercrm-commits mailing list