From 9f4df44da6ce8da718c3b39db3d78d9e6db76eaa Mon Sep 17 00:00:00 2001
From: yozmag
Date: Fri, 18 Jan 2019 14:57:28 +0000
Subject: [PATCH] Make filename safe
Using the joomla cms framework to make the filename safe, removing special caracters. From https://docs.joomla.org/How_to_use_the_filesystem_package#Upload_a_file .
---
 attachments_component/site/helper.php | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/attachments_component/site/helper.php b/attachments_component/site/helper.php
index 59eb27d6..7d9a2782 100644
--- a/attachments_component/site/helper.php
+++ b/attachments_component/site/helper.php
@@ -432,10 +432,7 @@ public static function upload_file(&$attachment, &$parent, $attachment_id=false,
 }
 // Get the new filename
- // (Note: The following replacement is necessary to allow
- // single quotes in filenames to work correctly.)
- // Trim of any trailing period (to avoid exploits)
- $filename = rtrim(JString::str_ireplace("\'", "'", $_FILES['upload']['name']), '.');
+ $filename = JFile::makeSafe(strtolower($_FILES['upload']['name']));
 $ftype = $_FILES['upload']['type'];
 // Check the file size
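Review bot: The new `$filename` assignment is used without checking what survives sanitisation; as far as I know `JFile::makeSafe()` deletes every character outside a small ASCII set, so a name made up entirely of non-ASCII characters can come back empty or as a bare extension. Add a guard directly after it, `if ($filename === '') { /* fail the upload through the function's existing error path */ }`, since the rest of upload_file() lies outside this hunk and presumably builds the stored path from this value. The added `strtolower()` also changes stored names, so `Report.pdf` and `report.pdf` now resolve to the same file, and it is worth confirming that the duplicate-file handling outside this hunk expects that. Character stripping does not restrict the extension (a name with several dot-separated extensions passes unchanged), so whatever extension or type check the function performs elsewhere remains the control that matters; a comment replacing the removed "to avoid exploits" note would record this, e.g. `// Sanitise the client-supplied name; this does not validate the extension`.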