iwyg · dtan · Jun 2, 2013 · Jun 2, 2013
diff --git a/content/content.upload.php b/content/content.upload.php
@@ -118,7 +118,14 @@ public function moveUploadedFiles()
 
             foreach ($data['file'] as $i => $file) {
 
-                if (!$valid = $this->validateUploadedFile($file['tmp_name'], $file['name'], intval($file['error']))) {
+                // the /[%|&]/ list can be added to as seen fit
+                // this is done so that image srcs will not choke when trying to be displayed
+                // since a % sign is a special character for uris.
+                // just using a urlencode will convert % => %25 which has the same affect as above
+                // the urlencode will then at least handle spaces and replacing them with a + sign
+                $encoded_name = urlencode(preg_replace('/[%|&]/', '', $file['name']));
+
+                if (!$valid = $this->validateUploadedFile($file['tmp_name'], $encoded_name, intval($file['error']))) {
                     return $valid;
                 }
 
@@ -135,7 +142,7 @@ public function moveUploadedFiles()
                 }
 
                 try {
-                    $new_file = $unique ? DirectoryTools::getUniqueName($file['name']) : $file['name'];
+                    $new_file = $unique ? DirectoryTools::getUniqueName($encoded_name) : $encoded_name;
                 } catch (Exception $e) {
                     $this->handleGeneralError('fatal error: {$err}', array('err' => $e->getMessage()));
                     return false;