Allow () in filenames.
[pr0n] / perl / Sesse / pr0n / WebDAV.pm
index 25b4408705c0c17bd9261a150454b52e693cfb01..fe599303220f919f2a632c427dcab4a0a7c5d2ee 100644 (file)
@@ -408,9 +408,9 @@ EOF
                my $orig_filename = $filename;
 
                # Remove evil characters
-               if ($filename =~ /[^a-zA-Z0-9._-]/) {
+               if ($filename =~ /[^a-zA-Z0-9._()-]/) {
                        if (defined($autorename) && $autorename eq "autorename/") {
-                               $filename =~ tr/a-zA-Z0-9.-/_/c;
+                               $filename =~ tr/a-zA-Z0-9.()-/_/c;
                        } else {
                                $r->status(403);
                                $r->content_type('text/plain; charset=utf-8');
@@ -602,7 +602,7 @@ EOF
 
                        # Try to insert this new file
                        eval {
-                               $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?);',
+                               $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?,?)',
                                        undef, $newid, $r->get_server_name, $event, $user, $takenby, $filename);
                                $dbh->do('UPDATE events SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?',
                                        undef, $r->get_server_name, $event);