diff options
author | Derek Jones <derek.jones@ellislab.com> | 2008-03-17 20:09:12 +0100 |
---|---|---|
committer | Derek Jones <derek.jones@ellislab.com> | 2008-03-17 20:09:12 +0100 |
commit | 6ef8b69b80093bf706d29df28d108f77acbf9dc0 (patch) | |
tree | 229e1709a019ffd45c2160667ef417e13046b3e6 | |
parent | 0138b8a0a05fe413b5d9af2f4df1b8fae36371b4 (diff) |
added filename prepping in the Upload library to prevent files with multiple extensions to potentially be parsed as a script by Apache
-rw-r--r-- | system/libraries/Upload.php | 42 | ||||
-rw-r--r-- | user_guide/changelog.html | 5 |
2 files changed, 46 insertions, 1 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 2a3f53d4b..760d93999 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -185,7 +185,7 @@ class CI_Upload { // Set the uploaded data as class variables
$this->file_temp = $_FILES[$field]['tmp_name'];
- $this->file_name = $_FILES[$field]['name'];
+ $this->file_name = $this->_prep_filename($_FILES[$field]['name']);
$this->file_size = $_FILES[$field]['size'];
$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
$this->file_type = strtolower($this->file_type);
@@ -833,6 +833,46 @@ class CI_Upload { return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime];
}
+ /**
+ * Prep Filename
+ *
+ * Prevents possible script execution from Apache's handling of files multiple extensions
+ * http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
+ *
+ * @access private
+ * @param string
+ * @return string
+ */
+ function _prep_filename($filename)
+ {
+ if (strpos($filename, '.') === FALSE)
+ {
+ return $filename;
+ }
+
+ $parts = explode('.', $filename);
+ $ext = array_pop($parts);
+ $filename = array_shift($parts);
+
+ foreach ($parts as $part)
+ {
+ if ($this->mimes_types(strtolower($part)) === FALSE)
+ {
+ $filename .= '.'.$part.'_';
+ }
+ else
+ {
+ $filename .= '.'.$part;
+ }
+ }
+
+ $filename .= '.'.$ext;
+
+ return $filename;
+ }
+
+ // --------------------------------------------------------------------
+
}
// END Upload Class
?>
\ No newline at end of file diff --git a/user_guide/changelog.html b/user_guide/changelog.html index a3bf56938..d90f79aba 100644 --- a/user_guide/changelog.html +++ b/user_guide/changelog.html @@ -65,6 +65,11 @@ Change Log <li>Added 'application/vnd.ms-powerpoint' to list of mime types.</li>
</ul>
</li>
+ <li>Libraries
+ <ul>
+ <li>Added increased security for filename handling in the Upload library.</li>
+ </ul>
+ </li>
<li>Helpers
<ul>
<li>Modified <kbd>img()</kbd> in the <a href="helpers/html_helper.html">HTML Helper</a> to remove an unneeded space (#4208).</li>
|