From 7df478477011d2c339c2f01b08c226a1aca64007 Mon Sep 17 00:00:00 2001
From: Fabio Bas <ctrlaltca@gmail.com>
Date: Mon, 7 Dec 2015 19:11:54 +0100
Subject: Fix #558

---
 HISTORY                                               | 1 +
 framework/Web/UI/ActiveControls/TActiveFileUpload.php | 7 ++-----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/HISTORY b/HISTORY
index d2a6cca0..910e7bcc 100644
--- a/HISTORY
+++ b/HISTORY
@@ -3,6 +3,7 @@ Version 3.3.0 December ??, 2015
 CHG: Added jQuery and rebased PRADO's effect and controls on it (ctrlaltca)
 ENH: Added jQueryUI and created new controls (ctrlaltca)
 ENH: Added Bootstrap3 (daniel)
+BUG: Issue #558 - TActiveFileUpload escaping ' in file names (ctrlaltca)
 BUG: Issue #550 - TActivePager not working correctly on XAMP 5.6.3 (LCSKJ)
 BUG: Issue #549 - TSqlCriteria, not possible to reset value of condition (majuca)
 BUG: Issue #542 - Fix clientside validation in TActiveCustomValidator (majuca)
diff --git a/framework/Web/UI/ActiveControls/TActiveFileUpload.php b/framework/Web/UI/ActiveControls/TActiveFileUpload.php
index b478e119..7f11115a 100755
--- a/framework/Web/UI/ActiveControls/TActiveFileUpload.php
+++ b/framework/Web/UI/ActiveControls/TActiveFileUpload.php
@@ -102,12 +102,9 @@ class TActiveFileUpload extends TFileUpload implements IActiveControl, ICallback
 			$localName = str_replace('\\', '/', tempnam(Prado::getPathOfNamespace($this->getTempPath()),''));
 			parent::saveAs($localName);
 
-			$filename=addslashes($this->getFileName());
-
-
 			$params = new TActiveFileUploadCallbackParams;
 			$params->localName = $localName;
-			$params->fileName = $filename;
+			$params->fileName = addslashes($this->getFileName());
 			$params->fileSize = $this->getFileSize();
 			$params->fileType = $this->getFileType();
 			$params->errorCode = $this->getErrorCode();
@@ -198,7 +195,7 @@ EOS;
 
 			$params = $this->popParamsByToken($cp->callbackToken);
 
-			$_FILES[$key]['name'] = $params->fileName;
+			$_FILES[$key]['name'] = stripslashes($params->fileName);
 			$_FILES[$key]['size'] = intval($params->fileSize);
 			$_FILES[$key]['type'] = $params->fileType;
 			$_FILES[$key]['error'] = intval($params->errorCode);
-- 
cgit v1.2.3