From f0804f2db65b14b98a77e75f9dae243f2c613b86 Mon Sep 17 00:00:00 2001
From: Fyorl
Date: Tue, 7 Aug 2012 19:24:13 +0100
Subject: [PATCH] [feature/attach-dl] Manually clean the topic title/post subject

PHPBB3-11042
---
 phpBB/download/file.php | 20 +++++---------------
 1 file changed, 5 insertions(+), 15 deletions(-)

diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 4b19348bac..d79deadace 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -426,7 +426,6 @@ if ($attachment)
 if ($attachments)
 {
 require_once $phpbb_root_path . 'includes/functions_compress.' . $phpEx;
- require_once $phpbb_root_path . 'includes/functions_upload.' . $phpEx;
 phpbb_increment_downloads($db, $attachment_ids);
 if (!in_array($archive, compress::methods()))
@@ -451,20 +450,11 @@ if ($attachments)
 $row = $db->sql_fetchrow($result);
 $db->sql_freeresult($result);
- $filespec = new filespec(array(
- 'tmp_name' => '',
- 'size' => 0,
- 'name' => ($post_id) ? $row['post_subject'] : $row['topic_title'],
- 'type' => '',
- ));
- $filespec->clean_filename('real');
- $suffix = '_' . (($post_id) ? $post_id : $topic_id) . '_' . $filespec->realname;
-
- // Remove trailing full stop
- if (strrpos($suffix, '.') === strlen($suffix) - 1)
- {
- $suffix = substr($suffix, 0, strlen($suffix) - 1);
- }
+ $bad_chars = array("'", "\\", ' ', '/', ':', '*', '?', '"', '<', '>', '|');
+ $clean_name = ($post_id) ? $row['post_subject'] : $row['topic_title'];
+ $clean_name = rawurlencode(str_replace($bad_chars, '_', strtolower($clean_name)));
+ $clean_name = preg_replace("/%(\w{2})/", '_', $clean_name);
+ $suffix = '_' . (($post_id) ? $post_id : $topic_id) . '_' . $clean_name;
 $store_name = 'att_' . time() . '_' . unique_id();
 $archive_name = 'attachments' . $suffix;
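Review bot: The filename filter in the added `$clean_name` lines is an allowlist in disguise: `rawurlencode()` followed by `preg_replace("/%(\w{2})/", '_', ...)` already turns every byte outside `a-z0-9-_.~` into `_`, so the `$bad_chars` list is redundant and suggests that only those eleven characters are handled. Stating the rule directly is easier to audit, e.g. `$clean_name = preg_replace('/[^a-z0-9_.~-]/', '_', strtolower($clean_name));`. The commit also drops the old trailing-full-stop removal, so a subject ending in `.` or made up only of dots now flows into `$archive_name` unchanged; a `$clean_name = trim($clean_name, '.');` after the replacement would keep that guarantee. The enclosing `if ($attachments)` block starts and ends outside this hunk, so how `$archive_name` is later used (presumably as the download filename) is not visible here.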