$outname = "$1.pdf";
# Run through ImageMagick first of all, then gs
- open PIPE, "| convert $2:- ps:- | gs $pdfopts -dCompatbilityLevel=1.4 -dNOPAUSE -dPATCH -sDEVICE=pdfwrite -dSAFER -sOutputFile=output/$pdf_filename -c '.setpdfwrite $psopts' -f - >&2"
+ open PIPE, "| convert $2:- pdf:- | gs $pdfopts -dCompatbilityLevel=1.4 -dNOPAUSE -dPATCH -sDEVICE=pdfwrite -dSAFER -sOutputFile=output/$pdf_filename -c '.setpdfwrite $psopts' -f - >&2"
or die "convert: $!";
my ($buf, $ret);
my $size = -s "output/$pdf_filename";
+(my $sanitized_outname = $outname) =~ tr/a-zA-Z0-9. -/_/c;
+
print "Content-type: application/pdf\n";
-print "Content-disposition: attachment; filename=\"$outname\"\n"; # FIXME: XSS problems?
+print "Content-disposition: attachment; filename=\"$sanitized_outname\"\n";
print "Content-length: $size\n\n";
system("cat output/$pdf_filename"); # yuck?