From a987ddbe85c3438b594940e0d4e020596d3eaba1 Mon Sep 17 00:00:00 2001
From: Hadi Nategh <hnategh@gmail.com>
Date: Fri, 2 Mar 2018 12:13:13 +0100
Subject: [PATCH] Make sure replace only and only VT char (Vertical Tab)

---
 api/src/Mail.php             | 2 +-
 mail/tests/SaveToVfsTest.php | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/api/src/Mail.php b/api/src/Mail.php
index 8d1be4a059..4248ca04da 100644
--- a/api/src/Mail.php
+++ b/api/src/Mail.php
@@ -6443,7 +6443,7 @@ class Mail
 	 */
 	static function clean_subject_for_filename($filename)
 	{
-		static $filter_pattern = '$[\f\n\t\v\\:*#?<>%"\|/\\\?]$';
+		static $filter_pattern = '$[\f\n\t\x0b\:*#?<>%"\|/\\\?]$';
 		return preg_replace($filter_pattern, "_", trim($filename));
 	}
 
diff --git a/mail/tests/SaveToVfsTest.php b/mail/tests/SaveToVfsTest.php
index 74d03df367..4790c609c6 100644
--- a/mail/tests/SaveToVfsTest.php
+++ b/mail/tests/SaveToVfsTest.php
@@ -65,6 +65,7 @@ class SaveToVfsTest extends \EGroupware\Api\AppTest
 		$this->assertNotContains('*', $cleaned);
 		$this->assertNotContains('/', $cleaned);
 		$this->assertNotContains('?', $cleaned);
+		$this->assertNotContains('\x0b', $cleaned);
 
 		// Length should stay the same
 		$this->assertEquals(strlen($filename), strlen($cleaned), 'Length changed');
@@ -94,6 +95,7 @@ class SaveToVfsTest extends \EGroupware\Api\AppTest
 			array('Contains a /', true),
 			array('Contains a ?', true),
 			array('Contains a %', true),
+			array('Contains a '.chr(11), true),
 			array('This one contains them all < > " : | \ * / ? % are not allowed', true)
 		);
 	}