From be5cd130500fec48db940abf84e219f92a10daf1 Mon Sep 17 00:00:00 2001 From: mdtrooper Date: Thu, 1 Sep 2011 16:55:12 +0000 Subject: [PATCH] 2011-09-01 Miguel de Dios * operation/incidents/incident_detail.php: fixed the entities in the name of file in the action to upload and delete. Fixes: #3397447 git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@4885 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 7 +++++++ pandora_console/operation/incidents/incident_detail.php | 4 ++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index ad5a041d5d..984d496af5 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,10 @@ +2011-09-01 Miguel de Dios + + * operation/incidents/incident_detail.php: fixed the entities in the name + of file in the action to upload and delete. + + Fixes: #3397447 + 2011-09-01 Miguel de Dios * include/functions_agents.php: added the other part of logical expression diff --git a/pandora_console/operation/incidents/incident_detail.php b/pandora_console/operation/incidents/incident_detail.php index 0e86ed73a4..da5ce81544 100755 --- a/pandora_console/operation/incidents/incident_detail.php +++ b/pandora_console/operation/incidents/incident_detail.php @@ -93,7 +93,7 @@ if (isset ($_GET["id"])) { $result = db_process_sql ($sql); if (!empty ($result)) { - unlink ($config["attachment_store"]."/pand".$file_id."_".$filename); + unlink ($config["attachment_store"]."/pand".$file_id."_".io_safe_output($filename)); incidents_process_touch ($id_inc); } @@ -129,7 +129,7 @@ if (isset ($_GET["id"])) { // Copy file to directory and change name if ($id_attachment !== false) { - $nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".$filename; + $nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".$_FILES['userfile']['name']; $result = copy ($_FILES['userfile']['tmp_name'], $nombre_archivo); } else { echo '

'.__('File could not be saved due to database error').'

';