From 24bbfb23309f7110448feab6c5c36e39d24edbb7 Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 17 May 2020 21:27:18 +0200 Subject: [PATCH] [Web] Shorten and sanitize downloaded file names, fixes too long file names in Firefox --- data/web/inc/ajax/qitem_details.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/data/web/inc/ajax/qitem_details.php b/data/web/inc/ajax/qitem_details.php index 4f398083..db47f339 100644 --- a/data/web/inc/ajax/qitem_details.php +++ b/data/web/inc/ajax/qitem_details.php @@ -96,7 +96,8 @@ if (!empty($_GET['id']) && ctype_alnum($_GET['id'])) { } } if (isset($_GET['eml'])) { - $dl_filename = str_replace('/', '_', $data['subject']); + $dl_filename = preg_replace('/[^a-z\d]/i', '_', $data['subject']); + $dl_filename = strlen($dl_filename) > 30 ? substr($dl_filename,0,30) : $dl_filename; header('Pragma: public'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); @@ -113,7 +114,8 @@ if (!empty($_GET['id']) && ctype_alnum($_GET['id'])) { exit(json_encode('Forbidden')); } $dl_id = intval($_GET['att']); - $dl_filename = $data['attachments'][$dl_id][0]; + $dl_filename = preg_replace('/[^a-z\d]/i', '_', $data['attachments'][$dl_id][0]); + $dl_filename = strlen($dl_filename) > 30 ? substr($dl_filename,0,30) : $dl_filename; if (!is_dir($tmpdir . $dl_filename) && file_exists($tmpdir . $dl_filename)) { header('Pragma: public'); header('Expires: 0');