From d547fddd3f624f338164ac1f93f064a7ba722525 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski <janusz@frontaccouting.eu>
Date: Sat, 11 Feb 2012 20:52:35 +0100
Subject: [PATCH] Fixed bug in attachments uploading.

---
 admin/attachments.php | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/admin/attachments.php b/admin/attachments.php
index 1ad50d69..d41684b1 100644
--- a/admin/attachments.php
+++ b/admin/attachments.php
@@ -92,16 +92,20 @@ if ($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM')
 			$index_file = "<?php\nheader(\"Location: ../index.php\");\n?>";
 			$fp = fopen($dir."/index.php", "w");
 			fwrite($fp, $index_file);
-			fclose($fp);
+			fclose($fp); _vd($dir);
 		}
 		// file name compatible with POSIX
 		// protect against directory traversal
-		$unique_name = preg_replace('/[^a-zA-Z0-9.\-_]/', '', $_POST['unique_name']);
-		if ($Mode == 'UPDATE_ITEM' && file_exists($dir."/".$unique_name))
-			unlink($dir."/".$unique_name);
-
-		$unique_name = uniqid('');
+		if ($Mode == 'UPDATE_ITEM')
+		{
+			$unique_name = preg_replace('/[^a-zA-Z0-9.\-_]/', '', $_POST['unique_name']);
+			if ($Mode == 'UPDATE_ITEM' && file_exists($dir."/".$unique_name))
+				unlink($dir."/".$unique_name);
+		}
+		else
+			$unique_name = uniqid('');
 		move_uploaded_file($tmpname, $dir."/".$unique_name);
+
 		//save the file
 		$filename = basename($_FILES['filename']['name']);
 		$filesize = $_FILES['filename']['size'];
-- 
2.30.2