diff --git a/data/CRMEntity.php b/data/CRMEntity.php
index dc367763c29fcc503134f747be144af97133a4eb..e36c9cda05b6368403ea7023c279cc023652d8e4 100644
--- a/data/CRMEntity.php
+++ b/data/CRMEntity.php
@@ -186,17 +186,20 @@ class CRMEntity {
 if ($save_file == 'false') {
 return false;
 }
+
+ $binFile = sanitizeUploadFileName($file_name, $upload_badext);
+
+ $current_id = $adb->getUniqueID("vtiger_crmentity");
 // Check 2
 $save_file = 'true';
 //only images are allowed for these modules
 if ($module == 'Contacts' || $module == 'Products') {
 $save_file = validateImageFile($file_details);
- }
-
- $binFile = sanitizeUploadFileName($file_name, $upload_badext);
-
- $current_id = $adb->getUniqueID("vtiger_crmentity");
+ $serverFileName = $current_id . "_" . $binFile;
+ } else {
+ $serverFileName = md5($current_id . "_" . $binFile);
+ }
 $filename = ltrim(basename(" " . $binFile)); //allowed filename like UTF-8 characters
 $filetype = $file_details['type'];
@@ -206,7 +209,7 @@ class CRMEntity {
 $upload_file_path = decideFilePath();
 // upload the file in server
- $upload_status = copy($filetmp_name, $upload_file_path . $current_id . "_" . $binFile);
+ $upload_status = copy($filetmp_name, $upload_file_path . $serverFileName);
 // temporary file will be deleted at the end of request
 if ($save_file == 'true' && $upload_status == 'true') {
diff --git a/modules/Documents/models/Record.php b/modules/Documents/models/Record.php
index 1c12401d9610a073d85e164b002c67b10d4f772f..dc876f54c8fc4820344206c6d7971b0821887c77 100644
--- a/modules/Documents/models/Record.php
+++ b/modules/Documents/models/Record.php
@@ -75,7 +75,7 @@ class Documents_Record_Model extends Vtiger_Record_Model {
 if ($this->get('filelocationtype') == 'I') {
 $fileName = html_entity_decode($fileName, ENT_QUOTES, vglobal('default_charset'));
- $savedFile = $fileDetails['attachmentsid']."_".$fileName;
+ $savedFile = md5($fileDetails['attachmentsid']."_".$fileName);
 while(ob_get_level()) {
 ob_end_clean();
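Review bot: In `data/CRMEntity.php` (hunk at -186), the `else` branch gives no reason for storing the file as `md5($current_id . "_" . $binFile)`, and a reader could mistake the digest for an unguessable token. It is built from the record id and the client-chosen name, so it should be treated as predictable; its effect is that the client-supplied extension no longer appears in the on-disk name. I would add a comment above the assignment such as `// Stored name is an extension-less digest so the web server cannot map the upload to a script handler; it is not a secret.` and state in it that the Contacts/Products branch deliberately keeps the original name and extension. The enclosing method starts and ends outside this hunk.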
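Review bot: In the second `data/CRMEntity.php` hunk (-206), `copy()` still runs before `$save_file` is tested by the `if` that follows, so for Contacts/Products a file that `validateImageFile` rejected appears to be written to the upload directory anyway, under `$current_id . "_" . $binFile` with its client-supplied extension. The lines between the two hunks are not visible, so this assumes nothing there returns early. Gating the write closes the gap: `$upload_status = ($save_file == 'true') && copy($filetmp_name, $upload_file_path . $serverFileName);`. The method body continues outside the hunk.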
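Review bot: In `modules/Documents/models/Record.php`, the reader now looks only for the md5 form of the name, so attachments written before this commit under `attachmentsid . "_" . name` will no longer resolve unless they are renamed on disk; no migration is part of the visible diff. The same applies to the readers changed in `modules/Documents/views/FilePreview.php`, `modules/Emails/actions/DownloadFile.php`, `modules/Vtiger/models/Record.php` and the ModComments `FilePreview.php`. Either ship a one-off rename of existing files alongside this change, or have each reader test `is_file()` on the hashed path and fall back to the legacy name when it is absent. The enclosing method extends beyond the hunk.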
diff --git a/modules/Documents/views/FilePreview.php b/modules/Documents/views/FilePreview.php
index b73f661186cd35696666c2d0326fb7351f80427a..010e1e2b698a6064cfcb555c10a29bfdab2343c3 100644
--- a/modules/Documents/views/FilePreview.php
+++ b/modules/Documents/views/FilePreview.php
@@ -44,7 +44,7 @@ class Documents_FilePreview_View extends Vtiger_IndexAjax_View {
 if ($recordModel->get('filelocationtype') == 'I') {
 $fileName = html_entity_decode($fileName, ENT_QUOTES, vglobal('default_charset'));
- $savedFile = $fileDetails['attachmentsid']."_".$fileName;
+ $savedFile = md5($fileDetails['attachmentsid']."_".$fileName);
 $fileSize = filesize($filePath.$savedFile);
 $fileSize = $fileSize + ($fileSize % 1024);
diff --git a/modules/Emails/actions/DownloadFile.php b/modules/Emails/actions/DownloadFile.php
index 01aabbbf81a6ee38da1ee259d31910414ef36b65..f21b6f0408eee96c4933558175971161f11223aa 100644
--- a/modules/Emails/actions/DownloadFile.php
+++ b/modules/Emails/actions/DownloadFile.php
@@ -34,7 +34,7 @@ class Emails_DownloadFile_Action extends Vtiger_Action_Controller {
 $name = $row["name"];
 $filepath = $row["path"];
 $name = decode_html($name);
- $saved_filename = $attachmentId."_".$name;
+ $saved_filename = md5($attachmentId."_".$name);
 $disk_file_size = filesize($filepath.$saved_filename);
 $filesize = $disk_file_size + ($disk_file_size % 1024);
 $fileContent = fread(fopen($filepath.$saved_filename, "r"), $filesize);
diff --git a/modules/Vtiger/models/Record.php b/modules/Vtiger/models/Record.php
index be7e4fc2b40d5de8f280393dd34150934f51fd43..2433bb89749222fc9b27075c0f474f59761082f7 100644
--- a/modules/Vtiger/models/Record.php
+++ b/modules/Vtiger/models/Record.php
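Review bot: In `modules/Emails/actions/DownloadFile.php`, the digest is computed over `decode_html($name)`, whereas the writer in `data/CRMEntity.php` hashes `$current_id . "_" . $binFile` and the other readers decode with `html_entity_decode(..., ENT_QUOTES, ...)`. The two sides must feed byte-identical strings into `md5()`, otherwise the unchecked `filesize()` and `fopen()` calls that follow operate on a path that does not exist. It is also not visible here whether every code path that stores e-mail attachments goes through the changed `CRMEntity` upload routine. A single shared helper that builds the stored name, used by the writer and all readers and documented with the exact form of the name it hashes, would keep these in step.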
@@ -590,7 +590,7 @@ class Vtiger_Record_Model extends Vtiger_Base_Model {
 $filePath = $fileDetails['path'];
 $fileName = $fileDetails['name'];
 $fileName = html_entity_decode($fileName, ENT_QUOTES, vglobal('default_charset'));
- $savedFile = $fileDetails['attachmentsid']."_".$fileName;
+ $savedFile = md5($fileDetails['attachmentsid']."_".$fileName);
 $fileSize = filesize($filePath.$savedFile);
 $fileSize = $fileSize + ($fileSize % 1024);
 if (fopen($filePath.$savedFile, "r")) {
diff --git a/pkg/vtiger/modules/ModComments/modules/ModComments/views/FilePreview.php b/pkg/vtiger/modules/ModComments/modules/ModComments/views/FilePreview.php
index c1d31288870cb03dad126d21df60acdde1390abc..6816cbbb23d27e299c783914cd85dc9bc7e2d117 100644
--- a/pkg/vtiger/modules/ModComments/modules/ModComments/views/FilePreview.php
+++ b/pkg/vtiger/modules/ModComments/modules/ModComments/views/FilePreview.php
@@ -37,7 +37,7 @@ class ModComments_FilePreview_View extends Vtiger_IndexAjax_View {
 $filePath = $fileDetails['path'];
 $fileName = $fileDetails['name'];
 $fileName = html_entity_decode($fileName, ENT_QUOTES, vglobal('default_charset'));
- $savedFile = $fileDetails['attachmentsid']."_".$fileName;
+ $savedFile = md5($fileDetails['attachmentsid']."_".$fileName);
 $fileSize = filesize($filePath.$savedFile);
 $fileSize = $fileSize + ($fileSize % 1024);
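Review bot: In `modules/Vtiger/models/Record.php` (hunk at -590), the stored name is hashed unconditionally, but the writer in `data/CRMEntity.php` leaves Contacts and Products files under the unhashed `$current_id . "_" . $binFile`. If this base-model method is reached for records of those two modules, which cannot be determined from the hunk, the lookup will miss the file and the `filesize()` call will run on a missing path. The reader should branch on the record's module the same way the writer does, or the writer should hash in both branches and the image-display paths be updated to match. The method starts and ends outside the hunk.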