function clean_filename($string) {
/// Cleans a given filename by removing suspicious or troublesome characters
- $string = stripslashes($string);
- $string = eregi_replace("\.\.", "", $string);
- $string = eregi_replace("[^(-|[:alnum:]|\.)]", "_", $string);
- $string = eregi_replace(",", "_", $string);
- $string = eregi_replace("/", "_", $string);
- $string = eregi_replace("\(", "_", $string);
- $string = eregi_replace("\)", "_", $string);
- return eregi_replace("_+", "_", $string);
+/// Only these are allowed:
+/// alphanumeric _ - .
+
+ $string = eregi_replace("\.\.+", "", $string);
+ $string = preg_replace('/[^\.\w-]/','_', $string ); // only allowed chars
+ $string = eregi_replace("_+", "_", $string);
+ return $string;
}
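Review bot: The new whitelist in `clean_filename` still passes a single leading dot and can return an empty string, because `\.\.+` only strips runs of two or more dots: `.htaccess` comes back unchanged, and an input made only of dots comes back as `''`. If callers use the result as an on-disk name, strip leading dots and fall back to a fixed name before the return, e.g. `$string = ltrim($string, '.');` then `if ($string === '') { $string = '_'; }`. The two remaining `eregi_replace` calls would be better as `preg_replace` so the function uses one regex engine; the ereg functions are, as far as I know, not binary-safe, so a NUL byte in the input may be handled by the first call differently from the `preg_replace` that follows. `\w` without the `u` modifier can also be locale-dependent, so the "alphanumeric" set promised in the new comment is worth confirming against the locales the application sets.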