From 67f6cc9ec0d07bc4aa1f87e6a6e549ab9b95e4e5 Mon Sep 17 00:00:00 2001
From: Carsten  Rose <carsten.rose@math.uzh.ch>
Date: Sun, 5 Apr 2020 14:06:57 +0200
Subject: [PATCH] Refs #9686 - filename sanitize is fine for browser download,
 but breaks with 'AS _savePdf'. New: 'slashes' again allowed.

---
 extension/Classes/Core/Report/Link.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/extension/Classes/Core/Report/Link.php b/extension/Classes/Core/Report/Link.php
index 8e6e0e04d..1bafcc25c 100644
--- a/extension/Classes/Core/Report/Link.php
+++ b/extension/Classes/Core/Report/Link.php
@@ -1529,8 +1529,8 @@ EOF;
         // By default, qfq saves everything HTML encoded. E.g. in form '&#39;' - decode them back to regual UTF-8 text.
         $filename = html_entity_decode($vars[DOWNLOAD_EXPORT_FILENAME], ENT_QUOTES | ENT_XML1, 'UTF-8');
 
-        // Remove unsafe characters.
-        $vars[DOWNLOAD_EXPORT_FILENAME] = Sanitize::safeFilename($filename);
+        // Remove unsafe characters. For '... AS _savePdf' slashes have to be allowed.
+        $vars[DOWNLOAD_EXPORT_FILENAME] = Sanitize::safeFilename($filename, false, true);
 
         return $vars;
     }
-- 
GitLab