X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=createpdf.pl;fp=createpdf.pl;h=34cd9f425ccddc682e2bd77c904a8d1deb884f27;hb=54684462f793d5b2e76052ab3ff5246972bdc204;hp=86187fba167590e27420cb3930d6e115c28451ea;hpb=1b5ba1dd772f0c77bc9e4c1fe483ba04c262e6b2;p=webpdf
diff --git a/createpdf.pl b/createpdf.pl
index 86187fb..34cd9f4 100755
--- a/createpdf.pl
+++ b/createpdf.pl
@@ -139,8 +139,10 @@ EOF
 my $size = -s "output/$pdf_filename";
+(my $sanitized_outname = $outname) =~ tr/a-zA-Z0-9. -/_/c;
+
 print "Content-type: application/pdf\n";
-print "Content-disposition: attachment; filename=\"$outname\"\n"; # FIXME: XSS problems?
+print "Content-disposition: attachment; filename=\"$sanitized_outname\"\n";
 print "Content-length: $size\n\n";
 system("cat output/$pdf_filename"); # yuck?
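Review bot: The allowlist on the added `tr` line keeps `"`, CR and LF out of the `Content-disposition` value, but with the FIXME removed nothing records that this is its purpose, and it still accepts a name that is empty or begins with `.` or `-`. I would add a comment above it such as `# Allowlist: keeps CR/LF and '"' out of the header value (header injection)` and fall back to a fixed name when nothing usable is left, e.g. `$sanitized_outname = 'output.pdf' if $sanitized_outname !~ /\A[a-zA-Z0-9]/;` (the fallback name here is only an example). The unchanged `system("cat output/$pdf_filename")` at the end of the hunk still goes through a shell. Where `$pdf_filename` is set is not visible in this hunk, so if it can be influenced by request data it needs the same allowlisting, or the list form `system('cat', "output/$pdf_filename")`.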