diff options
| author | mattab <matthieu.aubry@gmail.com> | 2015-03-31 06:44:51 +0300 |
|---|---|---|
| committer | mattab <matthieu.aubry@gmail.com> | 2015-03-31 06:44:51 +0300 |
| commit | ea59c0ed4a1a25183105097848a71272647bc614 (patch) | |
| tree | 4cb24dacf61b1aab990172e9859ca2486c6356f1 /core/ReportRenderer | |
| parent | d9b4bd8b7bcbbe7c1bac585805409cd97d5f939d (diff) | |
Safe net against http header injection in email reports as the string can contain user submitted content
(likely it's been escaped upstream but we rather ensure security)
also fixes #7358
Diffstat (limited to 'core/ReportRenderer')
| -rw-r--r-- | core/ReportRenderer/Pdf.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/core/ReportRenderer/Pdf.php b/core/ReportRenderer/Pdf.php index 3843cd942c..bc82cd85ce 100644 --- a/core/ReportRenderer/Pdf.php +++ b/core/ReportRenderer/Pdf.php @@ -123,7 +123,7 @@ class Pdf extends ReportRenderer public function sendToDisk($filename) { - $filename = ReportRenderer::appendExtension($filename, self::PDF_CONTENT_TYPE); + $filename = ReportRenderer::makeFilenameWithExtension($filename, self::PDF_CONTENT_TYPE); $outputFilename = ReportRenderer::getOutputPath($filename); $this->TCPDF->Output($outputFilename, 'F'); @@ -133,13 +133,13 @@ class Pdf extends ReportRenderer public function sendToBrowserDownload($filename) { - $filename = ReportRenderer::appendExtension($filename, self::PDF_CONTENT_TYPE); + $filename = ReportRenderer::makeFilenameWithExtension($filename, self::PDF_CONTENT_TYPE); $this->TCPDF->Output($filename, 'D'); } public function sendToBrowserInline($filename) { - $filename = ReportRenderer::appendExtension($filename, self::PDF_CONTENT_TYPE); + $filename = ReportRenderer::makeFilenameWithExtension($filename, self::PDF_CONTENT_TYPE); $this->TCPDF->Output($filename, 'I'); } |