Index: openacs-4/packages/ecommerce/www/admin/products/supporting-files-upload-2.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/ecommerce/www/admin/products/supporting-files-upload-2.tcl,v
diff -u -r1.2 -r1.3
--- openacs-4/packages/ecommerce/www/admin/products/supporting-files-upload-2.tcl 10 Sep 2002 22:22:45 -0000 1.2
+++ openacs-4/packages/ecommerce/www/admin/products/supporting-files-upload-2.tcl 25 Aug 2008 19:36:03 -0000 1.3
@@ -27,7 +27,14 @@
 # couldn't find a match
 set client_filename $upload_file
 }
-
+#sanitize uploaded filename
+regsub -all -- {[^a-zA-Z0-9\-\.]+} $client_filename "-" client_filename
+if { [string match {product.[jg][pi][gf]} $client_filename] } {
+ set client_filename "${product_id}-${client_filename}"
+ } elseif { [string match {product-thumbnail.jpg} $client_filename] } {
+ set client_filename "${product_id}-${client_filename}"
+ }
+
 set perm_filename "$full_dirname/$client_filename"
 ns_cp $tmp_filename $perm_filename
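Review bot: The new `regsub` allowlist keeps `.` and `-`, so a client filename that is empty, consists only of dots (`.` or `..`), or starts with a dot still reaches `set perm_filename "$full_dirname/$client_filename"` unchanged; path separators are replaced, but those names are not rejected. A guard right after the `regsub`, such as `set client_filename [string trimleft $client_filename "."]` followed by an error return when the result is empty, would close that gap. The extension is not constrained either, so if `$full_dirname` lies under a directory the server treats as executable content (not visible in this hunk), an extension allowlist belongs here as well. The two `string match` branches run the same `set` and compare case-sensitively, so they could be one condition, and a name such as `Product.JPG` skips the `${product_id}-` prefix, which matters if the reserved names are meant to be protected on a case-insensitive filesystem. The `}` before the added lines closes a block that starts outside the hunk.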