From bbf4d8e656b69a251853cd990e16f16dd99ad491 Mon Sep 17 00:00:00 2001
From: moodler <moodler>
Date: Fri, 16 Apr 2004 06:30:01 +0000
Subject: [PATCH] Simplification and improvement of clean_filename, thanks to
 suggestions from Martin Langhoff <martin@catalyst.net.nz>

---
 lib/moodlelib.php | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 658253f491..90e94c472f 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -1606,14 +1606,13 @@ function display_size($size) {
 
 function clean_filename($string) {
 /// Cleans a given filename by removing suspicious or troublesome characters
-    $string = stripslashes($string);
-    $string = eregi_replace("\.\.", "", $string);
-    $string = eregi_replace("[^(-|[:alnum:]|\.)]", "_", $string);
-    $string = eregi_replace(",", "_", $string);
-    $string = eregi_replace("/", "_", $string);
-    $string = eregi_replace("\(", "_", $string);
-    $string = eregi_replace("\)", "_", $string);
-    return    eregi_replace("_+", "_", $string);
+/// Only these are allowed:
+///    alphanumeric _ - . 
+
+    $string = eregi_replace("\.\.+", "", $string);
+    $string = preg_replace('/[^\.\w-]/','_', $string ); // only allowed chars
+    $string = eregi_replace("_+", "_", $string);
+    return    $string;
 }
 
 
-- 
2.39.5