Don't allow illegal filename chars, including spaces, in attached filenames.

src/sbbs3/email.cpp

@@ -8,7 +8,7 @@
  * @format.tab-size 4		(Plain Text/Source Code File Header)			*
  * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
  *																			*
- * Copyright 2015 Rob Swindell - http://www.synchro.net/copyright.html		*
+ * Copyright Rob Swindell - http://www.synchro.net/copyright.html			*
  *																			*
  * This program is free software; you can redistribute it and/or			*
  * modify it under the terms of the GNU General Public License				*
@@ -125,6 +125,11 @@ bool sbbs_t::email(int usernumber, const char *top, const char *subj, long mode)
 
 
 	if(mode&WM_FILE) {
+		if(!checkfname(title)) {
+			bputs(text[BadFilename]);
+			remove(msgpath);
+			return(false);
+		}
 		sprintf(str2,"%sfile/%04u.in", cfg.data_dir,usernumber);
 		MKDIR(str2);
 		sprintf(str2,"%sfile/%04u.in/%s", cfg.data_dir,usernumber,title);
@@ -133,7 +138,6 @@ bool sbbs_t::email(int usernumber, const char *top, const char *subj, long mode)
 			remove(msgpath);
 			return(false); 
 		}
-		{ /* Remote */
 		xfer_prot_menu(XFER_UPLOAD);
 		mnemonics(text[ProtocolOrQuit]);
 		sprintf(str,"%c",text[YNQP][2]);
@@ -154,7 +158,6 @@ bool sbbs_t::email(int usernumber, const char *top, const char *subj, long mode)
 				break;
 		if(x<cfg.total_prots)	/* This should be always */
 			protocol(cfg.prot[x],XFER_UPLOAD,str2,nulstr,true); 
-		}
 		safe_snprintf(tmp,sizeof(tmp),"%s%s",cfg.temp_dir,title);
 		if(!fexistcase(str2) && fexistcase(tmp))
 			mv(tmp,str2,0);

src/sbbs3/writemsg.cpp

@@ -392,6 +392,11 @@ bool sbbs_t::writemsg(const char *fname, const char *top, char *title, long mode
 			free(buf);
 			return(false); 
 		}
+		if((mode&WM_FILE) && !checkfname(title)) {
+			free(buf);
+			bputs(text[BadFilename]);
+			return(false);
+		}
 		if(!(mode&(WM_EMAIL|WM_NETMAIL)) && cfg.sub[subnum]->misc&SUB_QNET
 			&& !SYSOP
 			&& (!stricmp(title,"DROP") || !stricmp(title,"ADD")