From 24bbfb23309f7110448feab6c5c36e39d24edbb7 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sun, 17 May 2020 21:27:18 +0200
Subject: [PATCH] [Web] Shorten and sanitize downloaded file names, fixes too
 long file names in Firefox

---
 data/web/inc/ajax/qitem_details.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/data/web/inc/ajax/qitem_details.php b/data/web/inc/ajax/qitem_details.php
index 4f398083..db47f339 100644
--- a/data/web/inc/ajax/qitem_details.php
+++ b/data/web/inc/ajax/qitem_details.php
@@ -96,7 +96,8 @@ if (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
       }
     }
     if (isset($_GET['eml'])) {
-      $dl_filename = str_replace('/', '_', $data['subject']);
+      $dl_filename = preg_replace('/[^a-z\d]/i', '_', $data['subject']);
+      $dl_filename = strlen($dl_filename) > 30 ? substr($dl_filename,0,30) : $dl_filename;
       header('Pragma: public');
       header('Expires: 0');
       header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
@@ -113,7 +114,8 @@ if (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
         exit(json_encode('Forbidden'));
       }
       $dl_id = intval($_GET['att']);
-      $dl_filename = $data['attachments'][$dl_id][0];
+      $dl_filename = preg_replace('/[^a-z\d]/i', '_', $data['attachments'][$dl_id][0]);
+      $dl_filename = strlen($dl_filename) > 30 ? substr($dl_filename,0,30) : $dl_filename;
       if (!is_dir($tmpdir . $dl_filename) && file_exists($tmpdir . $dl_filename)) {
         header('Pragma: public');
         header('Expires: 0');