4552,4553c4552,4556 < * @param string $attachment a file on the filesystem, relative to $CFG->dataroot < * @param string $attachname the name of the file (extension indicates MIME) --- > * @param mixed $attachment Can either be a single file on the filesystem, > * relative to $CFG->dataroot or an associated array as follows: > * => > * @param string $attachname the name of the file (extension indicates MIME). > * Note, not used if $attachment is an array. 4683,4691c4686,4701 < if ($attachment && $attachname) { < if (preg_match( "~\\.\\.~" ,$attachment )) { // Security check for ".." in dir path < $temprecipients[] = array($supportuser->email, fullname($supportuser, true)); < $mail->AddStringAttachment('Error in attachment. User attempted to attach a filename with a unsafe name.', 'error.txt', '8bit', 'text/plain'); < } else { < require_once($CFG->libdir.'/filelib.php'); < $mimetype = mimeinfo('type', $attachname); < $mail->AddAttachment($CFG->dataroot .'/'. $attachment, $attachname, 'base64', $mimetype); < } --- > // handle multiple attachments > if (!is_array($attachment) && ($attachment && $attachname)) { > // cast a single attachment as an array > $attachment[$attachname] = $attachment; > } > if (is_array($attachment)) { > foreach ($attachment as $attachname => $attachlocation) { > if (preg_match( "~\\.\\.~" ,$attachlocation)) { // Security check for ".." in dir path > $temprecipients[] = array($supportuser->email, fullname($supportuser, true)); > $mail->AddStringAttachment('Error in attachment. User attempted to attach a filename with a unsafe name.', 'error.txt', '8bit', 'text/plain'); > } else { > require_once($CFG->libdir.'/filelib.php'); > $mimetype = mimeinfo('type', $attachname); > $mail->AddAttachment($CFG->dataroot .'/'. $attachlocation, $attachname, 'base64', $mimetype); > } > }