diff options
| author | uckelman <uckelman@nomic.net> | 2010-05-09 22:09:31 +0000 |
|---|---|---|
| committer | uckelman <uckelman@nomic.net> | 2010-05-09 22:09:31 +0000 |
| commit | 4293a2f7e71ecffc84b8520eb4cb150cc43484a5 (patch) | |
| tree | 6a1517f9d0707952abadc6ed16fc7b16591df401 /src/PhpBB3.php | |
| parent | 71446caebefe08d4615c5ae89f622230b323b5ac (diff) | |
Fixed bad SQL.
git-svn-id: https://vassalengine.svn.sourceforge.net/svnroot/vassalengine/site-src/trunk@6843 67b53d14-2c14-4ace-a08f-0dab2b34000c
Diffstat (limited to 'src/PhpBB3.php')
| -rw-r--r-- | src/PhpBB3.php | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/src/PhpBB3.php b/src/PhpBB3.php index 24fe25c..8b0f875 100644 --- a/src/PhpBB3.php +++ b/src/PhpBB3.php @@ -256,18 +256,24 @@ class PhpBB3 { # TODO: check that attachment is a permissible type, size # lifted from include/functions_upload.php: filespec::clean_filename() - $realFilename = $userId . '_' . md5(unique_id()); + $physicalFilename = $userId . '_' . md5(unique_id()); + + # get extension + $dot = strrpos($filename, '.'); + $extension = $pos === false ? '' : substr($filename, $pos + 1); # put the attachment data into the db $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' (' . - 'poster_id, is_orphan, physical_filename, attach_comment, ' . - 'extension, mimetype, filesize, filetime' . + 'poster_id, is_orphan, physical_filename, real_filename, ' . + 'attach_comment, extension, mimetype, filesize, filetime' . ') VALUES (' . $userId . ', ' . '1, ' . - '"' . $db->sql_escape($realFilename) . '", ' . - '"' . $db->sql_escape($comment) . '", ' . - '"' . $db->sql_escape($mimetype) . '", ' . + '"' . $physicalFilename . '", ' . + '"' . $db->sql_escape($filename) . '", ' . + '"' . $db->sql_escape($comment) . '", ' . + '"' . $db->sql_escape($extension) . '", ' . + '"' . $db->sql_escape($mimetype) . '", ' . strlen($data) . ', ' . time() . ')'; |