From e573cb83555185c05e28f486f105ec9a8c435190 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Sun, 22 Mar 2009 13:11:17 +0000
Subject: [PATCH] Fixed item image filenames.
---
 inventory/includes/inventory_db.inc | 5 +++++
 inventory/manage/items.php | 13 +++++++------
 reporting/rep104.php | 5 +++--
 reporting/rep303.php | 5 +++--
 4 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/inventory/includes/inventory_db.inc b/inventory/includes/inventory_db.inc
index 2e22d692..d7b20c9d 100644
--- a/inventory/includes/inventory_db.inc
+++ b/inventory/includes/inventory_db.inc
@@ -24,4 +24,9 @@ include_once($path_to_root . "/inventory/includes/db/items_adjust_db.inc");
 include_once($path_to_root . "/inventory/includes/db/items_transfer_db.inc");
 include_once($path_to_root . "/inventory/includes/db/items_units_db.inc");
+function item_img_name($stock_id)
+{
+ return strtr($stock_id, "><\\/:|*?", '________');
+}
+
 ?>
\ No newline at end of file
diff --git a/inventory/manage/items.php b/inventory/manage/items.php
index 1643375a..c841514c 100644
--- a/inventory/manage/items.php
+++ b/inventory/manage/items.php
@@ -27,11 +27,11 @@ $new_item = get_post('stock_id')=='';
 if (isset($_GET['stock_id']))
 {
- $_POST['stock_id'] = $stock_id = strtoupper($_GET['stock_id']);
+ $_POST['stock_id'] = $stock_id = $_GET['stock_id'];
 }
 else if (isset($_POST['stock_id']))
 {
- $stock_id = strtoupper($_POST['stock_id']);
+ $stock_id = $_POST['stock_id'];
 }
 if (list_updated('stock_id')) {
@@ -50,7 +50,7 @@ if (isset($_FILES['pic']) && $_FILES['pic']['name'] != '')
 {
 mkdir($filename);
 }
- $filename .= "/$stock_id.jpg";
+ $filename .= "/".item_img_name($stock_id).".jpg";
 //But check for the worst
 if (strtoupper(substr(trim($_FILES['pic']['name']), strlen($_FILES['pic']['name']) - 3)) != 'JPG')
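Review bot: item_img_name() maps eight different characters onto `_`, so distinct stock ids (for example `A/B`, `A:B` and `A_B`) resolve to the same image file. The upload and `unlink()` call sites patched in inventory/manage/items.php would then let one item overwrite or delete another item's picture. The character list also leaves the double quote and control characters, NUL included, untouched. A one-line replacement that covers them is `return preg_replace('#[\x00-\x1f"<>\\\\/:|*?]#', '_', $stock_id);`, although avoiding collisions entirely would need a reversible encoding instead of a substitution. A short comment above the function naming the filesystems the list is meant for would also help.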
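Review bot: With `strtoupper()` dropped from both assignments in the `-27,11` hunk of inventory/manage/items.php, `$stock_id` is now the request value taken verbatim, and nothing visible in the hunk validates or normalises it. Ids that differ only in letter case are no longer folded together here, yet on a case-insensitive filesystem the names item_img_name() returns for them still resolve to one `.jpg`. The commit message mentions only image filenames, so a comment such as `// stock_id is used as entered (no upper-casing); image names go through item_img_name()` would record the change in id handling. Whether later code in the script checks the id is outside the hunk.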
@@ -239,7 +239,7 @@ if (isset($_POST['delete']) && strlen($_POST['delete']) > 1)
 $stock_id = $_POST['NewStockID'];
 delete_item($stock_id);
- $filename = $comp_path . "/$user_comp/images/$stock_id.jpg";
+ $filename = $comp_path . "/$user_comp/images/".item_img_name($stock_id).".jpg";
 if (file_exists($filename)) unlink($filename);
 display_notification(_("Selected item has been deleted."));
@@ -391,11 +391,12 @@ table_section_title(_("Picture"));
 label_row(_("Image File (.jpg)") . ":", "");
 // Add Image upload for New Item - by Joe
 $stock_img_link = "";
-if (isset($_POST['NewStockID']) && file_exists("$comp_path/$user_comp/images/".$_POST['NewStockID'].".jpg"))
+if (isset($_POST['NewStockID']) && file_exists("$comp_path/$user_comp/images/"
+ .item_img_name($_POST['NewStockID']).".jpg"))
 {
 // 31/08/08 - rand() call is necessary here to avoid caching problems. Thanks to Peter D.
 $stock_img_link .= "[".$_POST[";
 }
 else
diff --git a/reporting/rep104.php b/reporting/rep104.php
index 280f447a..ac9a5f8f 100644
--- a/reporting/rep104.php
+++ b/reporting/rep104.php
@@ -24,7 +24,7 @@ include_once($path_to_root . "/includes/ui/ui_input.inc");
 include_once($path_to_root . "/includes/data_checks.inc");
 include_once($path_to_root . "/gl/includes/gl_db.inc");
 include_once($path_to_root . "/sales/includes/db/sales_types_db.inc");
-include_once($path_to_root . "/inventory/includes/db/items_category_db.inc");
+include_once($path_to_root . "/inventory/includes/db/inventory_db.inc");
 //----------------------------------------------------------------------------------------------------
@@ -159,7 +159,8 @@ function print_price_listing()
 }
 if ($pictures)
 {
- $image = $comp_path . '/'. $user_comp . "/images/"  . $myrow['stock_id'] . ".jpg";
+ $image = $comp_path . '/'. $user_comp . "/images/"
+ . item_img_name($myrow['stock_id']) . ".jpg";
 if (file_exists($image))
 {
 $rep->NewLine();
diff --git a/reporting/rep303.php b/reporting/rep303.php
index b46e1d81..f4c73db3 100644
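Review bot: The new include in the `-24,7` hunk of reporting/rep104.php points at `/inventory/includes/db/inventory_db.inc`, but this patch adds `item_img_name()` to `inventory/includes/inventory_db.inc`, one directory up. Unless a file of that name also exists under `db/` (not shown here), `include_once` only raises a warning and the later `item_img_name()` call in `print_price_listing()` fails as an undefined function when pictures are enabled. Anything the report used from `items_category_db.inc` would be lost too, unless `inventory_db.inc` includes it, which is outside this view. The line should read `include_once($path_to_root . "/inventory/includes/inventory_db.inc");`. The same path appears in the first hunk of reporting/rep303.php.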
--- a/reporting/rep303.php
+++ b/reporting/rep303.php
@@ -22,7 +22,7 @@ include_once($path_to_root . "/includes/session.inc");
 include_once($path_to_root . "/includes/date_functions.inc");
 include_once($path_to_root . "/includes/data_checks.inc");
 include_once($path_to_root . "/gl/includes/gl_db.inc");
-include_once($path_to_root . "/inventory/includes/db/items_category_db.inc");
+include_once($path_to_root . "/inventory/includes/db/inventory_db.inc");
 //----------------------------------------------------------------------------------------------------
@@ -200,7 +200,8 @@ function print_stock_check()
 }
 if ($pictures)
 {
- $image = $comp_path .'/'. $user_comp . '/images/' . $trans['stock_id'] . '.jpg';
+ $image = $comp_path .'/'. $user_comp . '/images/'
+ . item_img_name($trans['stock_id']) . '.jpg';
 if (file_exists($image))
 {
 $rep->NewLine();
--
2.30.2