[ticket/12211] Do not run attachment file names twice through htmlspecialchars

Upload filenames are already processed via htmlspecialchars in the
type_cast_helper of the new request class. There is no need to run it through
htmlspecialchars() again in the filespec class.

PHPBB3-12211

phpBB/includes/functions_upload.php

@@ -64,7 +64,7 @@ class filespec
 		$this->filename = $upload_ary['tmp_name'];
 		$this->filesize = $upload_ary['size'];
 		$name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name'];
-		$name = trim(utf8_htmlspecialchars(utf8_basename($name)));
+		$name = trim(utf8_basename($name));
 		$this->realname = $this->uploadname = $name;
 		$this->mimetype = $upload_ary['type'];