From 4293a2f7e71ecffc84b8520eb4cb150cc43484a5 Mon Sep 17 00:00:00 2001 From: uckelman Date: Sun, 9 May 2010 22:09:31 +0000 Subject: Fixed bad SQL. git-svn-id: https://vassalengine.svn.sourceforge.net/svnroot/vassalengine/site-src/trunk@6843 67b53d14-2c14-4ace-a08f-0dab2b34000c --- src/PhpBB3.php | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/PhpBB3.php b/src/PhpBB3.php index 24fe25c..8b0f875 100644 --- a/src/PhpBB3.php +++ b/src/PhpBB3.php @@ -256,18 +256,24 @@ class PhpBB3 { # TODO: check that attachment is a permissible type, size # lifted from include/functions_upload.php: filespec::clean_filename() - $realFilename = $userId . '_' . md5(unique_id()); + $physicalFilename = $userId . '_' . md5(unique_id()); + + # get extension + $dot = strrpos($filename, '.'); + $extension = $pos === false ? '' : substr($filename, $pos + 1); # put the attachment data into the db $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' (' . - 'poster_id, is_orphan, physical_filename, attach_comment, ' . - 'extension, mimetype, filesize, filetime' . + 'poster_id, is_orphan, physical_filename, real_filename, ' . + 'attach_comment, extension, mimetype, filesize, filetime' . ') VALUES (' . $userId . ', ' . '1, ' . - '"' . $db->sql_escape($realFilename) . '", ' . - '"' . $db->sql_escape($comment) . '", ' . - '"' . $db->sql_escape($mimetype) . '", ' . + '"' . $physicalFilename . '", ' . + '"' . $db->sql_escape($filename) . '", ' . + '"' . $db->sql_escape($comment) . '", ' . + '"' . $db->sql_escape($extension) . '", ' . + '"' . $db->sql_escape($mimetype) . '", ' . strlen($data) . ', ' . time() . ')'; -- cgit v1.2.3