getgrav / grav

Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS powered by PHP, Markdown, Twig, and Symfony
https://getgrav.org
MIT License

Form plugin: Critical Bug - Form save: File with extension not allowed #3786

Closed maofree closed 6 months ago

maofree commented 6 months ago

Hi, today I've seen that the form has a big problem: after sending a message I get this error

Form save: File with extension not allowed: contactform-06/01/2024 13:24:36.txt


Why should the txt file be wrong? It worked fine before; I think it's due to the latest plugin updates, which added this error.

How is it possible to fix it? All sites with Grav have this problem. I use the latest versions.

The email is sent correctly.

Thanks

maofree commented 6 months ago

I've seen that the problem is due to this condition inside Utils::checkFilename of Utils.php at line 989

|| strtr($filename, "\t\v\n\r\0\\/", '_______') !== $filename

I think the problem is in the $filename variable, because it looks like this

contactform-06/01/2024 15:07:23.txt

but the real filename is 2024 15:07:23.txt, because contactform-06 is a folder and 01 is another folder, and the condition checks for the presence of slashes

maofree commented 6 months ago

It is not possible to use this line

$filename = $prefix . $this->udate($format, $raw_format) . $postfix . $ext;

with this condition

```php
if (!Utils::checkFilename($filename)) {
    throw new RuntimeException(sprintf('Form save: File with extension not allowed: %s', $filename));
}
```

The filename includes folders with slashes in its name, so you should pass only the real filename to that condition, or use a different condition.

maofree commented 6 months ago


I suggest this solution

```php
$filename_array = $filename ? explode('/', $filename) : [];

// Handle bad filenames: check only the last path segment, i.e. the real filename.
if (!Utils::checkFilename($filename_array[count($filename_array) - 1])) {
    throw new RuntimeException(sprintf('Form save: File with extension not allowed: %s', $filename));
}
```
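To make the behaviour discussed in this thread reproducible outside Grav, here is an added stand-alone example (not Grav's or the Form plugin's own code): a simplified `checkFilename` built around the condition quoted from Utils.php, and a `checkSavePath` helper that goes one step further than the suggested fix by applying the same rule to every path segment, so the folder names produced by the date format are validated too. The dangerous-extension list and both function names are assumptions for this example; Grav reads its own list from its security configuration.

```php
<?php
// Added example, not Grav's implementation. Mirrors the slash/control-character
// condition quoted from Utils::checkFilename; the extension list is assumed.
declare(strict_types=1);

const DANGEROUS_EXTENSIONS = ['php', 'phtml', 'phar', 'htaccess']; // assumed list

function checkFilename(string $filename): bool
{
    $extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !(
        // Empty names are rejected.
        $filename === ''
        // Tabs, newlines, NUL bytes and both slash kinds are rejected. This is the
        // condition from the issue: a full "folder/folder/file" path trips it.
        || strtr($filename, "\t\v\n\r\0\\/", '_______') !== $filename
        // A name must not start or end with a dot or a space (also rejects "..").
        || trim($filename, '. ') !== $filename
        // Extensions the web server might execute are rejected.
        || in_array($extension, DANGEROUS_EXTENSIONS, true)
    );
}

// Validate a relative save path segment by segment instead of skipping the
// folder part: absolute paths are refused, and each folder name and the
// basename must individually satisfy checkFilename().
function checkSavePath(string $path): bool
{
    if ($path === '' || $path[0] === '/') {
        return false;
    }
    foreach (explode('/', $path) as $segment) {
        if (!checkFilename($segment)) {
            return false;
        }
    }
    return true;
}

// Constructed inputs: the path shape reported in this issue, plus two
// deliberately bad paths to show what the segment-wise check still refuses.
$reported = 'contactform-06/01/2024 15:07:23.txt';
foreach ([
    'full path, whole string'  => checkFilename($reported),
    'full path, basename only' => checkFilename(basename($reported)),
    'full path, per segment'   => checkSavePath($reported),
    'parent-directory segment' => checkSavePath('../2024 15:07:23.txt'),
    'executable extension'     => checkSavePath('contactform-06/01/upload.php'),
] as $label => $ok) {
    printf("%-26s %s\n", $label . ':', $ok ? 'allowed' : 'rejected');
}
```

Running it shows why the plugin threw: the whole string fails on the slashes alone, while its basename and each of its segments pass, and the two bad paths are still refused by the per-segment check.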