summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDerek Jones <derek.jones@ellislab.com>2008-03-17 20:09:12 +0100
committerDerek Jones <derek.jones@ellislab.com>2008-03-17 20:09:12 +0100
commit6ef8b69b80093bf706d29df28d108f77acbf9dc0 (patch)
tree229e1709a019ffd45c2160667ef417e13046b3e6
parent0138b8a0a05fe413b5d9af2f4df1b8fae36371b4 (diff)
added filename prepping in the Upload library to prevent files with multiple extensions to potentially be parsed as a script by Apache
-rw-r--r--system/libraries/Upload.php42
-rw-r--r--user_guide/changelog.html5
2 files changed, 46 insertions, 1 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 2a3f53d4b..760d93999 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -185,7 +185,7 @@ class CI_Upload {
// Set the uploaded data as class variables
$this->file_temp = $_FILES[$field]['tmp_name'];
- $this->file_name = $_FILES[$field]['name'];
+ $this->file_name = $this->_prep_filename($_FILES[$field]['name']);
$this->file_size = $_FILES[$field]['size'];
$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
$this->file_type = strtolower($this->file_type);
@@ -833,6 +833,46 @@ class CI_Upload {
return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime];
}
+ /**
+ * Prep Filename
+ *
+ * Prevents possible script execution from Apache's handling of files multiple extensions
+ * http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
+ *
+ * @access private
+ * @param string
+ * @return string
+ */
+ function _prep_filename($filename)
+ {
+ if (strpos($filename, '.') === FALSE)
+ {
+ return $filename;
+ }
+
+ $parts = explode('.', $filename);
+ $ext = array_pop($parts);
+ $filename = array_shift($parts);
+
+ foreach ($parts as $part)
+ {
+ if ($this->mimes_types(strtolower($part)) === FALSE)
+ {
+ $filename .= '.'.$part.'_';
+ }
+ else
+ {
+ $filename .= '.'.$part;
+ }
+ }
+
+ $filename .= '.'.$ext;
+
+ return $filename;
+ }
+
+ // --------------------------------------------------------------------
+
}
// END Upload Class
?> \ No newline at end of file
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index a3bf56938..d90f79aba 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -65,6 +65,11 @@ Change Log
<li>Added 'application/vnd.ms-powerpoint' to list of mime types.</li>
</ul>
</li>
+ <li>Libraries
+ <ul>
+ <li>Added increased security for filename handling in the Upload library.</li>
+ </ul>
+ </li>
<li>Helpers
<ul>
<li>Modified <kbd>img()</kbd> in the <a href="helpers/html_helper.html">HTML Helper</a> to remove an unneeded space (#4208).</li>