Refs #9686 - filename sanitize is fine for browser download, but breaks with...

Refs #9686 - filename sanitize is fine for browser download, but breaks with 'AS _savePdf'. New: 'slashes' again allowed.

Refs #9686 - filename sanitize is fine for browser download, but breaks with...
Refs #9686 - filename sanitize is fine for browser download, but breaks with 'AS _savePdf'. New: 'slashes' again allowed.
67f6cc9e · Carsten Rose · 30b0a002 · 67f6cc9e
Commit 67f6cc9e authored Apr 05, 2020 by Carsten Rose
--- a/extension/Classes/Core/Report/Link.php
+++ b/extension/Classes/Core/Report/Link.php
@@ -1529,8 +1529,8 @@ EOF;
        // By default, qfq saves everything HTML encoded. E.g. in form '&#39;' - decode them back to regual UTF-8 text.
        $filename = html_entity_decode($vars[DOWNLOAD_EXPORT_FILENAME], ENT_QUOTES | ENT_XML1, 'UTF-8');

-        // Remove unsafe characters.
-        $vars[DOWNLOAD_EXPORT_FILENAME] = Sanitize::safeFilename($filename);
+        // Remove unsafe characters. For '... AS _savePdf' slashes have to be allowed.
+        $vars[DOWNLOAD_EXPORT_FILENAME] = Sanitize::safeFilename($filename, false, true);

        return $vars;
    }