<li><a href="#ClassMethod <strong>new</strong> ($os,$realOS)"> ClassMethod new <tt>($os,$realOS)</tt></a></li>
<li><a href="#StaticMethod *untaintUnchecked*"> StaticMethod untaintUnchecked <tt>($string) -> $untainted</tt></a></li>
<li><a href="#StaticMethod *normalize_FileName"> StaticMethod normalizeFileName <tt>($string) -> $filename</tt></a></li>
+ <li><a href="#StaticMethod *sanitize_Attachmen"> StaticMethod sanitizeAttachmentName <tt>($fname) -> ($fileName,$origName)</tt></a></li>
<li><a href="#ObjectMethod <strong>sysCommand</strong> ($temp"> ObjectMethod sysCommand <tt>($template,@params) -> ($data,$exit)</tt></a></li>
</ul>
</li>
## <a name="StaticMethod <strong>normalize_FileName"></a> [[StaticMethod]] \*normalizeFileName `($string) -> $filename`
-STATIC Errors out if $string contains filtered characters.
+Errors out if $string contains filtered characters.
The returned string is not tainted, but it may contain shell metacharacters and even control characters.
+## <a name="StaticMethod <strong>sanitize_Attachmen"></a> [[StaticMethod]] \*sanitizeAttachmentName `($fname) -> ($fileName,$origName)`
+
+Given a file name received in a query parameter, sanitise it. Returns the sanitised name together with the basename before sanitisation.
+
+Sanitisation includes filtering illegal characters and mapping client file names to legal server names.
+
## <a name="ObjectMethod <strong>sysCommand</strong> ($temp"></a> [[ObjectMethod]] **sysCommand** `($template,@params) -> ($data,$exit)`
Invokes the program described by $template and @params, and returns the output of the program and an exit code. STDOUT is returned. STDERR is THROWN AWAY.