From 54986a9a52e0958e8d6710ce11de844fe47d5b7a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <jan.h.boehmer@gmx.de>
Date: Sun, 13 Oct 2019 13:41:20 +0200
Subject: [PATCH] Filter attachment name for uploaded filename.

---
 src/Services/AttachmentHelper.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Services/AttachmentHelper.php b/src/Services/AttachmentHelper.php
index e280115d..a5a23da1 100644
--- a/src/Services/AttachmentHelper.php
+++ b/src/Services/AttachmentHelper.php
@@ -203,8 +203,8 @@ class AttachmentHelper
         $folder = $this->generateFolderForAttachment($attachment);
 
         //Sanatize filename
-        $originalFilename = pathinfo($file->getClientOriginalName(), PATHINFO_FILENAME);
-        $newFilename = $attachment->getName() . '-' . uniqid('', false) . '.' . $file->getClientOriginalExtension();
+        $safeName = transliterator_transliterate('Any-Latin; Latin-ASCII; [^A-Za-z0-9_] remove; Lower()', $attachment->getName());
+        $newFilename = $safeName . '-' . uniqid('', false) . '.' . $file->getClientOriginalExtension();
 
         //Move our temporay attachment to its final location
         $file_path = $file->move($folder, $newFilename)->getRealPath();