diff --git a/htdocs/core/lib/files.lib.php b/htdocs/core/lib/files.lib.php
index c92d5ab4f25..7f6737afba2 100644
--- a/htdocs/core/lib/files.lib.php
+++ b/htdocs/core/lib/files.lib.php
@@ -2,6 +2,7 @@
 /* Copyright (C) 2008-2012 Laurent Destailleur
 * Copyright (C) 2012-2013 Regis Houssin
 * Copyright (C) 2012 Juanjo Menent
+ * Copyright (C) 2015 Marcos García
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -1041,6 +1042,9 @@ function dol_add_file_process($upload_dir, $allowoverwrite=0, $donotupdatesessio
 // Define $destpath (path to file including filename) and $destfile (only filename)
 $destpath=$upload_dir . "/" . $_FILES[$varfiles]['name'];
 $destfile=$_FILES[$varfiles]['name'];
+
+ $savingdocmask = dol_sanitizeFileName($savingdocmask);
+
 if ($savingdocmask)
 {
 $destpath=$upload_dir . "/" . preg_replace('/__file__/',$_FILES[$varfiles]['name'],$savingdocmask);
diff --git a/htdocs/core/tpl/document_actions_post_headers.tpl.php b/htdocs/core/tpl/document_actions_post_headers.tpl.php
index 75d18c2b1a5..0e91a3e182d 100644
--- a/htdocs/core/tpl/document_actions_post_headers.tpl.php
+++ b/htdocs/core/tpl/document_actions_post_headers.tpl.php
@@ -1,6 +1,7 @@
 * Copyright (C) 2013-2014 Laurent Destailleur
+ * Copyright (C) 2015 Marcos García
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@@ -48,7 +49,7 @@ if (empty($conf->global->MAIN_DISABLE_SUGGEST_REF_AS_PREFIX))
 //var_dump($modulepart);
 if (in_array($modulepart,array('facture_fournisseur','commande_fournisseur','facture','commande','propal','ficheinter','contract','project','project_task')))
 {
- $savingdocmask=$object->ref.'-__file__';
+ $savingdocmask=dol_sanitizeFileName($object->ref).'-__file__';
 }
 /*if (in_array($modulepart,array('member')))
 {
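Review bot: In the `dol_add_file_process` hunk of `htdocs/core/lib/files.lib.php`, the added `dol_sanitizeFileName($savingdocmask)` runs before `__file__` is substituted, so the client-supplied `$_FILES[$varfiles]['name']` enters `$destpath` after the sanitisation and is not covered by it. The substitution also goes through `preg_replace`, which interprets `$n` and `\n` references in the replacement argument, so the upload name is treated as a replacement pattern rather than literal text. Sanitising the assembled name would cover both the mask and the upload name: `$destpath=$upload_dir . "/" . dol_sanitizeFileName(str_replace('__file__',$_FILES[$varfiles]['name'],$savingdocmask));`. The function body starts before and continues past the hunk, so a later check on the name may exist, but none is visible here.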