--- wilbur/courier/webmail/attachments.c	2002/12/10 21:52:40	1.1.1.1.4.2
+++ wilbur/courier/webmail/attachments.c	2002/12/12 21:37:29	1.1.1.1.4.5
@@ -5,7 +5,7 @@
 
 
 /*
-** $Id: attachments.c,v 1.1.1.1.4.2 2002/12/10 21:52:40 muk Exp $
+** $Id: attachments.c,v 1.1.1.1.4.5 2002/12/12 21:37:29 dowling Exp $
 */
 #include	"config.h"
 #include	"sqwebmail.h"
@@ -864,7 +864,9 @@
 	}
 	else
 	{
-		const char *pp, *f;
+		const char *pp;
+		char* pos;
+		char* f;
 
 		argvec[2]=(char *)calc_mime_type(cgi_attachfilename);
 		n=3;
@@ -882,22 +884,29 @@
 			(char *)cgi_attachfilename:"filename.dat";
 
 		pp=*cgi("attach_inline") ?
-			"Content-Disposition: inline; filename*=":
-			"Content-Disposition: attachment; filename*=";
+			"Content-Disposition: inline;":
+			"Content-Disposition: attachment;";
 
-		f=cgi_attachfilename ? cgi_attachfilename:"filename.dat";
-
-		filenamebuf=malloc(strlen(pp)+strlen(filenamemime ?
-						     filenamemime:"") + 15);
+		f = (char *)malloc(strlen(cgi_attachfilename ? cgi_attachfilename:"filename.dat"));
+		strcpy(f, cgi_attachfilename ? cgi_attachfilename:"filename.dat");
+		for(pos = f; *pos; pos++) 
+		  if (*pos <= ' ' || *pos >= 127 || strchr("'\";,\\=:", *pos))
+		    *pos='_';
+		
+		filenamebuf=malloc(strlen(pp)
+				   +strlen(filenamemime ? filenamemime:"") + 15
+				   +strlen(filenamemime ? filenamemime:"") + 15);
 
 		if (filenamebuf)
 		{
-			strcpy(filenamebuf, pp);
-			strcat(filenamebuf, filenamemime ? filenamemime:"");
+		  sprintf(filenamebuf, "%s\n     filename*=\"%s\";\n     filename=\"%s\"", 
+			  pp, filenamemime, f);
 
-			argvec[n++]="-a";
-			argvec[n++]=filenamebuf;
+		  argvec[n++]="-a";
+		  argvec[n++]=filenamebuf;
 		}
+		free(f);
+
 	}
 
 	signal(SIGCHLD, SIG_DFL);