my $orig_filename = $filename;
# Remove evil characters
- if ($filename =~ /[^a-zA-Z0-9._-]/) {
+ if ($filename =~ /[^a-zA-Z0-9._()-]/) {
if (defined($autorename) && $autorename eq "autorename/") {
- $filename =~ tr/a-zA-Z0-9.-/_/c;
+ $filename =~ tr/a-zA-Z0-9.()-/_/c;
} else {
$r->status(403);
$r->content_type('text/plain; charset=utf-8');
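Review bot: Adding `(` and `)` to the allow-list on the `if ($filename =~ ...)` and `tr` lines lets two shell metacharacters into accepted filenames. Any code outside this hunk that interpolates `$filename` into a command string would then need list-form `system`/`open` or explicit quoting; no such caller is visible here, so this should be confirmed. Separately, the character class still accepts `.`, `..` and names beginning with `.` or `-`. If the name is later used as a path component or command argument, a guard such as `if ($filename =~ /\A[.-]/ || $filename =~ /[^a-zA-Z0-9._()-]/) {` would send those through the same rename/403 handling. The check lists `_` while the `tr` set does not, which is harmless because `_` maps to itself, but a comment like `# keep in sync with the allow-list regex above` would help; the `else` branch continues outside the hunk.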
# Try to insert this new file
eval {
- $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?);',
+ $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?,?)',
undef, $newid, $r->get_server_name, $event, $user, $takenby, $filename);
$dbh->do('UPDATE events SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?',
undef, $r->get_server_name, $event);