From 7df478477011d2c339c2f01b08c226a1aca64007 Mon Sep 17 00:00:00 2001
From: Fabio Bas <ctrlaltca@gmail.com>
Date: Mon, 7 Dec 2015 19:11:54 +0100
Subject: Fix #558

---
 framework/Web/UI/ActiveControls/TActiveFileUpload.php | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

(limited to 'framework/Web/UI/ActiveControls/TActiveFileUpload.php')

diff --git a/framework/Web/UI/ActiveControls/TActiveFileUpload.php b/framework/Web/UI/ActiveControls/TActiveFileUpload.php
index b478e119..7f11115a 100755
--- a/framework/Web/UI/ActiveControls/TActiveFileUpload.php
+++ b/framework/Web/UI/ActiveControls/TActiveFileUpload.php
@@ -102,12 +102,9 @@ class TActiveFileUpload extends TFileUpload implements IActiveControl, ICallback
 			$localName = str_replace('\\', '/', tempnam(Prado::getPathOfNamespace($this->getTempPath()),''));
 			parent::saveAs($localName);
 
-			$filename=addslashes($this->getFileName());
-
-
 			$params = new TActiveFileUploadCallbackParams;
 			$params->localName = $localName;
-			$params->fileName = $filename;
+			$params->fileName = addslashes($this->getFileName());
 			$params->fileSize = $this->getFileSize();
 			$params->fileType = $this->getFileType();
 			$params->errorCode = $this->getErrorCode();
@@ -198,7 +195,7 @@ EOS;
 
 			$params = $this->popParamsByToken($cp->callbackToken);
 
-			$_FILES[$key]['name'] = $params->fileName;
+			$_FILES[$key]['name'] = stripslashes($params->fileName);
 			$_FILES[$key]['size'] = intval($params->fileSize);
 			$_FILES[$key]['type'] = $params->fileType;
 			$_FILES[$key]['error'] = intval($params->errorCode);
-- 
cgit v1.2.3