Commit 67f6cc9e authored by Carsten  Rose's avatar Carsten Rose

Refs #9686 - filename sanitize is fine for browser download, but breaks with...

Refs #9686 - filename sanitize is fine for browser download, but breaks with 'AS _savePdf'. New: 'slashes' again allowed.
parent 30b0a002
Pipeline #3398 passed with stages
in 3 minutes and 27 seconds
......@@ -1529,8 +1529,8 @@ EOF;
// By default, qfq saves everything HTML encoded. E.g. in form ''' - decode them back to regual UTF-8 text.
$filename = html_entity_decode($vars[DOWNLOAD_EXPORT_FILENAME], ENT_QUOTES | ENT_XML1, 'UTF-8');
// Remove unsafe characters.
$vars[DOWNLOAD_EXPORT_FILENAME] = Sanitize::safeFilename($filename);
// Remove unsafe characters. For '... AS _savePdf' slashes have to be allowed.
$vars[DOWNLOAD_EXPORT_FILENAME] = Sanitize::safeFilename($filename, false, true);
return $vars;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment