From 20b53c1546dbed16ca782176ef9f1c49505b87a2 Mon Sep 17 00:00:00 2001
From: dale tan <wtdtan@gmail.com>
Date: Sun, 2 Jun 2013 11:35:00 -0400
Subject: [PATCH 1/2] removing % sign when present in image name

---
 content/content.upload.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/content/content.upload.php b/content/content.upload.php
index c74f820..bbaa62c 100644
--- a/content/content.upload.php
+++ b/content/content.upload.php
@@ -118,7 +118,14 @@ public function moveUploadedFiles()
 
             foreach ($data['file'] as $i => $file) {
 
-                if (!$valid = $this->validateUploadedFile($file['tmp_name'], $file['name'], intval($file['error']))) {
+                // the /[%]/ list can be added to as seen fit
+                // this is done so that image srcs will not choke when trying to be displayed
+                // since a % sign is a special character for uris.
+                // just using a urlencode will convert % => %25 which has the same affect as above
+                // the urlencode will then at least handle spaces and replacing them with a + sign
+                $encoded_name = urlencode(preg_replace('/[%]/', '', $file['name']));
+
+                if (!$valid = $this->validateUploadedFile($file['tmp_name'], $encoded_name, intval($file['error']))) {
                     return $valid;
                 }
 
@@ -135,7 +142,7 @@ public function moveUploadedFiles()
                 }
 
                 try {
-                    $new_file = $unique ? DirectoryTools::getUniqueName($file['name']) : $file['name'];
+                    $new_file = $unique ? DirectoryTools::getUniqueName($encoded_name) : $encoded_name;
                 } catch (Exception $e) {
                     $this->handleGeneralError('fatal error: {$err}', array('err' => $e->getMessage()));
                     return false;

From 42cd5d708b7279694e1bcbc32b84dae551d1a4d8 Mon Sep 17 00:00:00 2001
From: dale tan <wtdtan@gmail.com>
Date: Sun, 2 Jun 2013 12:07:33 -0400
Subject: [PATCH 2/2] added "&" to the regexp list

---
 content/content.upload.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/content/content.upload.php b/content/content.upload.php
index bbaa62c..e41f65b 100644
--- a/content/content.upload.php
+++ b/content/content.upload.php
@@ -118,12 +118,12 @@ public function moveUploadedFiles()
 
             foreach ($data['file'] as $i => $file) {
 
-                // the /[%]/ list can be added to as seen fit
+                // the /[%|&]/ list can be added to as seen fit
                 // this is done so that image srcs will not choke when trying to be displayed
                 // since a % sign is a special character for uris.
                 // just using a urlencode will convert % => %25 which has the same affect as above
                 // the urlencode will then at least handle spaces and replacing them with a + sign
-                $encoded_name = urlencode(preg_replace('/[%]/', '', $file['name']));
+                $encoded_name = urlencode(preg_replace('/[%|&]/', '', $file['name']));
 
                 if (!$valid = $this->validateUploadedFile($file['tmp_name'], $encoded_name, intval($file['error']))) {
                     return $valid;