From 54684462f793d5b2e76052ab3ff5246972bdc204 Mon Sep 17 00:00:00 2001
From: "Steinar H. Gunderson"
Date: Sun, 7 Aug 2005 12:46:46 +0000
Subject: [PATCH] Sanitize output filename.

---
 createpdf.pl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/createpdf.pl b/createpdf.pl
index 86187fb..34cd9f4 100755
--- a/createpdf.pl
+++ b/createpdf.pl
@@ -139,8 +139,10 @@ EOF
 my $size = -s "output/$pdf_filename";
+(my $sanitized_outname = $outname) =~ tr/a-zA-Z0-9. -/_/c;
+
 print "Content-type: application/pdf\n";
-print "Content-disposition: attachment; filename=\"$outname\"\n"; # FIXME: XSS problems?
+print "Content-disposition: attachment; filename=\"$sanitized_outname\"\n";
 print "Content-length: $size\n\n";
 system("cat output/$pdf_filename"); # yuck?
-- 
2.39.2
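Review bot: The added `tr` line is now the only thing keeping `"`, `\r` and `\n` out of the Content-disposition header, and it replaces the removed FIXME without saying so, so it should carry a comment such as `# Keep the Content-disposition header single-line and quote-safe: anything outside a conservative ASCII set (letters, digits, '.', ' ', '-') becomes '_'.` Because `.`, space and `-` survive the allow-list, a value that reduces to only dots, or an empty `$outname`, still reaches `filename=""` unchanged; a guard like `$sanitized_outname = 'download.pdf' unless $sanitized_outname =~ /[a-zA-Z0-9]/;` (default name is a constructed placeholder) would guarantee a usable download name. Where `$outname` and `$pdf_filename` are assigned lies outside the hunk, so whether either is already constrained upstream cannot be confirmed here. The unchanged `system("cat output/$pdf_filename")` context line still routes `$pdf_filename` through a shell; the list form `system('cat', "output/$pdf_filename")` removes the shell without other behaviour change, although that line is not part of this commit.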