EOF
return Apache2::Const::OK;
- } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/([a-zA-Z0-9._-]+)$#) {
+ } elsif ($r->uri =~ m#^/webdav/upload/([a-zA-Z0-9-]+)/([a-zA-Z0-9._()-]+)$#) {
# stat a single file
my ($event, $filename) = ($1, $2);
my ($fname, $size, $mtime);
my $orig_filename = $filename;
# Remove evil characters
- if ($filename =~ /[^a-zA-Z0-9._-]/) {
+ if ($filename =~ /[^a-zA-Z0-9._()-]/) {
if (defined($autorename) && $autorename eq "autorename/") {
- $filename =~ tr/a-zA-Z0-9.-/_/c;
+ $filename =~ tr/a-zA-Z0-9.()-/_/c;
} else {
$r->status(403);
$r->content_type('text/plain; charset=utf-8');
# Try to insert this new file
eval {
- $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?);',
+ $dbh->do('INSERT INTO images (id,vhost,event,uploadedby,takenby,filename) VALUES (?,?,?,?,?,?)',
undef, $newid, $r->get_server_name, $event, $user, $takenby, $filename);
$dbh->do('UPDATE events SET last_update=CURRENT_TIMESTAMP WHERE vhost=? AND event=?',
undef, $r->get_server_name, $event);