#4808, File name with a comma is allowed to get uploaded, causing delete to fail.

',' and ';' are no longer allowed in file name in file manager.
https://atutor.ca/atutor/mantis/view.php?id=4808

diff --git a/docs/mods/_core/file_manager/upload.php b/docs/mods/_core/file_manager/upload.php
index 88d3298..c337208 100644 (file)
--- a/docs/mods/_core/file_manager/upload.php
+++ b/docs/mods/_core/file_manager/upload.php
@@ -78,7 +78,7 @@ if (isset($_POST['submit'])) {
 
        
                /* anything else should be okay, since we're on *nix.. hopefully */
-               $_FILES['uploadedfile']['name'] = str_replace(array(' ', '/', '\\', ':', '*', '?', '"', '<', '>', '|', '\''), '', $_FILES['uploadedfile']['name']);
+               $_FILES['uploadedfile']['name'] = str_replace(array(' ', ',', '/', '\\', ':', ';', '*', '?', '"', '<', '>', '|', '\''), '', $_FILES['uploadedfile']['name']);
 
                /* if the file size is within allowed limits */
                if( ($_FILES['uploadedfile']['size'] > 0) && ($_FILES['uploadedfile']['size'] <= $my_MaxFileSize) ) {