@@ -351,28 +351,10 @@ function fax_split_dtmf(&$fax_number, &$fax_dtmf){
351351 $ disallowed_file_extensions = explode (', ' ,'sh,ssh,so,dll,exe,bat,vbs,zip,rar,z,tar,tbz,tgz,gz ' );
352352 if (in_array ($ fax_file_extension , $ disallowed_file_extensions ) || $ fax_file_extension == '' ) { continue ; }
353353
354- $ fax_name = $ _files ['name ' ][$ index ];
355- $ fax_name = preg_replace ('/ \\.[^. \\s]{3,4}$/ ' , '' , $ fax_name );
356- $ fax_name = str_replace (" " , "_ " , $ fax_name );
357-
358- //lua doesn't seem to like special chars with env:GetHeader
359- $ fax_name = str_replace ("; " , "_ " , $ fax_name );
360- $ fax_name = str_replace (", " , "_ " , $ fax_name );
361- $ fax_name = str_replace ("' " , "_ " , $ fax_name );
362- $ fax_name = str_replace ("! " , "_ " , $ fax_name );
363- $ fax_name = str_replace ("@ " , "_ " , $ fax_name );
364- $ fax_name = str_replace ("# " , "_ " , $ fax_name );
365- $ fax_name = str_replace ("$ " , "_ " , $ fax_name );
366- $ fax_name = str_replace ("% " , "_ " , $ fax_name );
367- $ fax_name = str_replace ("^ " , "_ " , $ fax_name );
368- $ fax_name = str_replace ("` " , "_ " , $ fax_name );
369- $ fax_name = str_replace ("~ " , "_ " , $ fax_name );
370- $ fax_name = str_replace ("& " , "_ " , $ fax_name );
371- $ fax_name = str_replace ("( " , "_ " , $ fax_name );
372- $ fax_name = str_replace (") " , "_ " , $ fax_name );
373- $ fax_name = str_replace ("+ " , "_ " , $ fax_name );
374- $ fax_name = str_replace ("= " , "_ " , $ fax_name );
354+ //use a safe file name
355+ $ fax_name = md5 ($ _files ['name ' ][$ index ]);
375356
357+ //rename the file
376358 $ attachment_file_name = $ _files ['name ' ][$ index ];
377359 if ($ attachment_file_name != $ fax_name .'. ' .$ fax_file_extension ) {
378360 rename ($ dir_fax_temp .'/ ' .$ attachment_file_name , $ dir_fax_temp .'/ ' .$ fax_name .'. ' .$ fax_file_extension );
@@ -382,7 +364,7 @@ function fax_split_dtmf(&$fax_number, &$fax_dtmf){
382364 if (!$ included ) {
383365 //check if directory exists
384366 if (!is_dir ($ dir_fax_temp )) {
385- event_socket_mkdir ($ dir_fax_temp );
367+ mkdir ($ dir_fax_temp, 0770 );
386368 }
387369 //move uploaded file
388370 move_uploaded_file ($ _files ['tmp_name ' ][$ index ], $ dir_fax_temp .'/ ' .$ fax_name .'. ' .$ fax_file_extension );
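Review bot: The `rename()` just below the new `md5()` line still builds its source path from the raw `$_files['name'][$index]`, so the hashed name only protects the destination; if that value is client-supplied, as it appears to be, a name containing directory separators resolves outside `$dir_fax_temp`. Taking the base name first would close that: `$attachment_file_name = basename($_files['name'][$index]);`. The extension appended to the hash comes from the same name and is filtered only by the denylist at the top of the hunk, which does not list `php`; an allowlist of the fax formats actually accepted would be safer. In the second hunk, `mkdir($dir_fax_temp, 0770)` is neither recursive nor checked, so `mkdir($dir_fax_temp, 0770, true)` with a test of its return value would avoid a silent failure at `move_uploaded_file()`. The enclosing function starts and ends outside both hunks, so how `$fax_file_extension` is derived could not be checked here.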