Allow () in filenames.
[pr0n] / perl / Sesse / pr0n / WebDAV.pm
index 49be2398aa4a5701c4e2ef720f63bb45af803b53..fe599303220f919f2a632c427dcab4a0a7c5d2ee 100644 (file)
@@ -109,7 +109,7 @@ EOF
                                        dberror($r, "Couldn't get events");
                
                                while (my $ref = $q->fetchrow_hashref()) {
-                                       my $id = $ref->{'id'};
+                                       my $id = $ref->{'event'};
                                        my $name = $ref->{'name'};
                                
                                        $name =~ s/&/\&/g;  # hack :-)
@@ -408,9 +408,9 @@ EOF
                my $orig_filename = $filename;
 
                # Remove evil characters
-               if ($filename =~ /[^a-zA-Z0-9._-]/) {
+               if ($filename =~ /[^a-zA-Z0-9._()-]/) {
                        if (defined($autorename) && $autorename eq "autorename/") {
-                               $filename =~ tr/a-zA-Z0-9.-/_/c;
+                               $filename =~ tr/a-zA-Z0-9.()-/_/c;
                        } else {
                                $r->status(403);
                                $r->content_type('text/plain; charset=utf-8');
@@ -602,7 +602,7 @@ EOF
 
                        # Try to insert this new file
                        eval {
-                               $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?);',
+                               $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?,?)',
                                        undef, $newid, $r->get_server_name, $event, $user, $takenby, $filename);
                                $dbh->do('UPDATE events SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?',
                                        undef, $r->get_server_name, $event);