Fixed problem when uploading images with spaces in the filename

admin/index.php

@@ -49,8 +49,8 @@ if ($user->isAdmin()) {
 				$_POST["url"] = $conf->urlGelato."/uploads/".$photoName;
 			}
 			
-			if ( move_uploaded_file( $_FILES['photo']['tmp_name'], "../uploads/".$_FILES['photo']['name'] ) ) {
-				$_POST["url"] = $conf->urlGelato."/uploads/".$_FILES['photo']['name'];
+			if ( move_uploaded_file( $_FILES['photo']['tmp_name'], "../uploads/".sanitizeName($_FILES['photo']['name']) ) ) {
+				$_POST["url"] = $conf->urlGelato."/uploads/".sanitizeName($_FILES['photo']['name']);
 			}
 			
 			unset($_POST["photo"]);
@@ -359,7 +359,7 @@ if ($user->isAdmin()) {
 									$template->cargarPlantilla($input, $output, "template_regular_post");
 									$template->mostrarPlantilla();
 									break;
-								case "2":						
+								case "2":
 									$fileName = "../uploads/".getFileName($register["url"]);
 									
 									$x = @getimagesize($fileName);						

classes/functions.php

@@ -82,8 +82,8 @@
 		}
 	}
 	
-	function getFile($remoteFileName) {		
-		$fileName = "../uploads/".getFileName($remoteFileName);
+	function getFile($remoteFileName) {
+		$fileName = sanitizeName("../uploads/".$remoteFileName);
 		$str = _file_get_contents($remoteFileName);
 		if (!$handle = fopen($fileName, 'w')) {
 			return false;
@@ -165,7 +165,21 @@
  		}
  		closedir($handle);
  		return $dirs;
- 	}	
+ 	}
+
+	function sanitizeName($name) {
+		$name = preg_replace('/[\'"]/', '', $name);
+		$name = preg_replace('/[^a-zA-Z0-9]+/', '-', $name);
+		$name = trim($name, '-');
+		$name = strtolower($name);
+		//HACK: We need to rework the regular expression to allow the dot
+		$ext = substr($name, strlen($name)-3, strlen($name));
+		$body = substr($name, 0, strlen($name)-4);
+		
+		$name = $body.".".$ext;
+		
+		return $name;
+	}
 	
 	function _file_get_contents($path) {
 		// Modified function from: 

uploads/index.php

@@ -0,0 +1,3 @@
+<?php
+// Silence is golden.
+?>