diff options
author | Florian Pritz <bluewind@xssn.at> | 2010-07-13 08:46:35 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xssn.at> | 2010-07-13 08:46:35 +0200 |
commit | 7814723286dedc5aeef3f0f287b4b2256fbbc2a7 (patch) | |
tree | 64420523cc88c84710b2b0db44080b32189b9629 | |
parent | 7ada05a71464080e8244f01a414ecbb07e96a395 (diff) |
apply CI_1.7.2_201007_sec_patch
Signed-off-by: Florian Pritz <bluewind@xssn.at>
-rw-r--r-- | system/libraries/Upload.php | 159 |
1 files changed, 90 insertions, 69 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 618c49be0..a97b7bdfb 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -6,7 +6,7 @@ * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2009, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -26,31 +26,33 @@ */ class CI_Upload { - var $max_size = 0; - var $max_width = 0; - var $max_height = 0; - var $max_filename = 0; - var $allowed_types = ""; - var $file_temp = ""; - var $file_name = ""; - var $orig_name = ""; - var $file_type = ""; - var $file_size = ""; - var $file_ext = ""; - var $upload_path = ""; - var $overwrite = FALSE; - var $encrypt_name = FALSE; - var $is_image = FALSE; - var $image_width = ''; - var $image_height = ''; - var $image_type = ''; - var $image_size_str = ''; - var $error_msg = array(); - var $mimes = array(); - var $remove_spaces = TRUE; - var $xss_clean = FALSE; - var $temp_prefix = "temp_file_"; - + var $max_size = 0; + var $max_width = 0; + var $max_height = 0; + var $max_filename = 0; + var $allowed_types = ""; + var $file_temp = ""; + var $file_name = ""; + var $orig_name = ""; + var $file_type = ""; + var $file_size = ""; + var $file_ext = ""; + var $upload_path = ""; + var $overwrite = FALSE; + var $encrypt_name = FALSE; + var $is_image = FALSE; + var $image_width = ''; + var $image_height = ''; + var $image_type = ''; + var $image_size_str = ''; + var $error_msg = array(); + var $mimes = array(); + var $remove_spaces = TRUE; + var $xss_clean = FALSE; + var $temp_prefix = "temp_file_"; + var $client_name = ''; + + var $_file_name_override = ''; /** * Constructor * @@ -101,7 +103,8 @@ class CI_Upload { 'mimes' => array(), 'remove_spaces' => TRUE, 'xss_clean' => FALSE, - 'temp_prefix' => "temp_file_" + 'temp_prefix' => "temp_file_", + 'client_name' => '' ); @@ -124,6 +127,10 @@ class CI_Upload { $this->$key = $val; } } + + // if a file_name was provided in the config, use it instead of the user input + // supplied file name for all uploads until initialized again + $this->_file_name_override = $this->file_name; } // -------------------------------------------------------------------- @@ -187,17 +194,12 @@ class CI_Upload { // Set the uploaded data as class variables $this->file_temp = $_FILES[$field]['tmp_name']; - $this->file_name = $this->_prep_filename($_FILES[$field]['name']); - $this->file_size = $_FILES[$field]['size']; + $this->file_size = $_FILES[$field]['size']; $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']); - $this->file_type = strtolower($this->file_type); - $this->file_ext = $this->get_extension($_FILES[$field]['name']); - - // Convert the file size to kilobytes - if ($this->file_size > 0) - { - $this->file_size = round($this->file_size/1024, 2); - } + $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); + $this->file_name = $this->_prep_filename($_FILES[$field]['name']); + $this->file_ext = $this->get_extension($this->file_name); + $this->client_name = $this->file_name; // Is the file type allowed to be uploaded? if ( ! $this->is_allowed_filetype()) @@ -205,6 +207,25 @@ class CI_Upload { $this->set_error('upload_invalid_filetype'); return FALSE; } + + // if we're overriding, let's now make sure the new name and type is allowed + if ($this->_file_name_override != '') + { + $this->file_name = $this->_prep_filename($this->_file_name_override); + $this->file_ext = $this->get_extension($this->file_name); + + if ( ! $this->is_allowed_filetype(TRUE)) + { + $this->set_error('upload_invalid_filetype'); + return FALSE; + } + } + + // Convert the file size to kilobytes + if ($this->file_size > 0) + { + $this->file_size = round($this->file_size/1024, 2); + } // Is the file size within the allowed maximum? if ( ! $this->is_allowed_filesize()) @@ -312,6 +333,7 @@ class CI_Upload { 'full_path' => $this->upload_path.$this->file_name, 'raw_name' => str_replace($this->file_ext, '', $this->file_name), 'orig_name' => $this->orig_name, + 'client_name' => $this->client_name, 'file_ext' => $this->file_ext, 'file_size' => $this->file_size, 'is_image' => $this->is_image(), @@ -549,43 +571,49 @@ class CI_Upload { * @access public * @return bool */ - function is_allowed_filetype() + function is_allowed_filetype($ignore_mime = FALSE) { if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types)) { $this->set_error('upload_no_file_types'); return FALSE; } + + $ext = strtolower(ltrim($this->file_ext, '.')); + + if ( ! in_array($ext, $this->allowed_types)) + { + return FALSE; + } + // Images get some additional checks $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe'); - foreach ($this->allowed_types as $val) + if (in_array($ext, $image_types)) { - $mime = $this->mimes_types(strtolower($val)); - - // Images get some additional checks - if (in_array($val, $image_types)) + if (getimagesize($this->file_temp) === FALSE) { - if (getimagesize($this->file_temp) === FALSE) - { - return FALSE; - } - } + return FALSE; + } + } - if (is_array($mime)) - { - if (in_array($this->file_type, $mime, TRUE)) - { - return TRUE; - } - } - else + if ($ignore_mime === TRUE) + { + return TRUE; + } + + $mime = $this->mimes_types($ext); + + if (is_array($mime)) + { + if (in_array($this->file_type, $mime, TRUE)) { - if ($mime == $this->file_type) - { - return TRUE; - } - } + return TRUE; + } + } + elseif ($mime == $this->file_type) + { + return TRUE; } return FALSE; @@ -918,7 +946,7 @@ class CI_Upload { foreach ($parts as $part) { - if ($this->mimes_types(strtolower($part)) === FALSE) + if ( ! in_array(strtolower($part), $this->allowed_types) OR $this->mimes_types(strtolower($part)) === FALSE) { $filename .= '.'.$part.'_'; } @@ -928,13 +956,6 @@ class CI_Upload { } } - // file name override, since the exact name is provided, no need to - // run it through a $this->mimes check. - if ($this->file_name != '') - { - $filename = $this->file_name; - } - $filename .= '.'.$ext; return $filename; |