From 4293a2f7e71ecffc84b8520eb4cb150cc43484a5 Mon Sep 17 00:00:00 2001
From: uckelman <uckelman@nomic.net>
Date: Sun, 9 May 2010 22:09:31 +0000
Subject: Fixed bad SQL.

git-svn-id: https://vassalengine.svn.sourceforge.net/svnroot/vassalengine/site-src/trunk@6843 67b53d14-2c14-4ace-a08f-0dab2b34000c
---
 src/PhpBB3.php | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'src/PhpBB3.php')

diff --git a/src/PhpBB3.php b/src/PhpBB3.php
index 24fe25c..8b0f875 100644
--- a/src/PhpBB3.php
+++ b/src/PhpBB3.php
@@ -256,18 +256,24 @@ class PhpBB3 {
 # TODO: check that attachment is a permissible type, size
 
     # lifted from include/functions_upload.php: filespec::clean_filename()
-    $realFilename = $userId . '_' . md5(unique_id()); 
+    $physicalFilename = $userId . '_' . md5(unique_id()); 
+
+    # get extension
+    $dot = strrpos($filename, '.');
+    $extension = $pos === false ? '' : substr($filename, $pos + 1);
 
     # put the attachment data into the db
     $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' (' .
-             'poster_id, is_orphan, physical_filename, attach_comment, ' .
-             'extension, mimetype, filesize, filetime' .
+             'poster_id, is_orphan, physical_filename, real_filename, ' .
+             'attach_comment, extension, mimetype, filesize, filetime' .
            ') VALUES (' .
              $userId . ', ' .
              '1, ' .
-             '"' . $db->sql_escape($realFilename) . '", ' .
-             '"' . $db->sql_escape($comment) . '", ' .
-             '"' . $db->sql_escape($mimetype) . '", ' .
+             '"' . $physicalFilename           . '", ' .
+             '"' . $db->sql_escape($filename)  . '", ' .
+             '"' . $db->sql_escape($comment)   . '", ' .
+             '"' . $db->sql_escape($extension) . '", ' .
+             '"' . $db->sql_escape($mimetype)  . '", ' .
              strlen($data) . ', ' .
              time() .
            ')';
-- 
cgit v1.2.3