From e4f3f1ff292c38791ab535c4f34096905305bd8f Mon Sep 17 00:00:00 2001
From: Uma <uma.s@vtiger.com>
Date: Tue, 3 Sep 2019 17:32:50 +0530
Subject: [PATCH] File security through obscurity is supported

---
 modules/Documents/views/FilePreview.php                        | 3 ++-
 modules/Vtiger/models/Record.php                               | 2 +-
 .../ModComments/modules/ModComments/views/FilePreview.php      | 3 ++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/modules/Documents/views/FilePreview.php b/modules/Documents/views/FilePreview.php
index 884d9f80c..a3446fdec 100644
--- a/modules/Documents/views/FilePreview.php
+++ b/modules/Documents/views/FilePreview.php
@@ -41,10 +41,11 @@ class Documents_FilePreview_View extends Vtiger_IndexAjax_View {
 		if (!empty ($fileDetails)) {
 			$filePath = $fileDetails['path'];
 			$fileName = $fileDetails['name'];
+            $storedFileName = $fileDetails['storedname'];
 
 			if ($recordModel->get('filelocationtype') == 'I') {
 				$fileName = html_entity_decode($fileName, ENT_QUOTES, vglobal('default_charset'));
-				$savedFile = $fileDetails['attachmentsid']."_".Vtiger_Util_Helper::getEncryptedFileName($fileName);
+				$savedFile = $fileDetails['attachmentsid']."_".$storedFileName;
 
 				$fileSize = filesize($filePath.$savedFile);
 				$fileSize = $fileSize + ($fileSize % 1024);
diff --git a/modules/Vtiger/models/Record.php b/modules/Vtiger/models/Record.php
index 0a5662602..00e4b3198 100644
--- a/modules/Vtiger/models/Record.php
+++ b/modules/Vtiger/models/Record.php
@@ -601,7 +601,7 @@ class Vtiger_Record_Model extends Vtiger_Base_Model {
 				header("Content-type: ".$fileDetails['type']);
 				header("Pragma: public");
 				header("Cache-Control: private");
-				header("Content-Disposition: attachment; filename=\"$savedFile\"");
+				header("Content-Disposition: attachment; filename=\"$fileName\"");
 				header("Content-Description: PHP Generated Data");
 				header("Content-Encoding: none");
 			}
diff --git a/pkg/vtiger/modules/ModComments/modules/ModComments/views/FilePreview.php b/pkg/vtiger/modules/ModComments/modules/ModComments/views/FilePreview.php
index 49be94669..79081deae 100644
--- a/pkg/vtiger/modules/ModComments/modules/ModComments/views/FilePreview.php
+++ b/pkg/vtiger/modules/ModComments/modules/ModComments/views/FilePreview.php
@@ -36,8 +36,9 @@ class ModComments_FilePreview_View extends Vtiger_IndexAjax_View {
 		if (!empty($fileDetails)) {
 			$filePath = $fileDetails['path'];
 			$fileName = $fileDetails['name'];
+            $storedFileName = $fileDetails['storedname'];
 			$fileName = html_entity_decode($fileName, ENT_QUOTES, vglobal('default_charset'));
-			$savedFile = $fileDetails['attachmentsid']."_".Vtiger_Util_Helper::getEncryptedFileName($fileName);
+			$savedFile = $fileDetails['attachmentsid']."_".$storedFileName;
 
 			$fileSize = filesize($filePath.$savedFile);
 			$fileSize = $fileSize + ($fileSize % 1024);
-- 
GitLab