author | Hunter Wu <hunter.wu@gmail.com> | 2013-08-01 17:15:13 +0200 |
---|---|---|
committer | Hunter Wu <hunter.wu@gmail.com> | 2013-08-01 17:15:13 +0200 |
commit | 23719ab569c9c8d6b791f65d7861daba3895ddcb (patch) | |
tree | 1745d7b15b867b1ec2b67f5310d050bb02af5e95 /system/core | |
parent | c958eebea2525133bcef9fe47a5dfab9e23128dd (diff) |
Add windows filename rule as an option for upload files
Diffstat (limited to 'system/core')
-rw-r--r-- | system/core/Security.php | 51 |
1 files changed, 32 insertions, 19 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 196d61144..cd1cb1ab4 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -115,6 +115,36 @@ class CI_Security {
 );
 
 /**
+ * List of bad chars for sanitize filename
+ *
+ * @var array
+ */
+ private $_filename_bad_str_rules = array(
+ 'default' => array(
+ '../', '<!--', '-->', '<', '>',
+ "'", '"', '&', '$', '#',
+ '{', '}', '[', ']', '=',
+ ';', '?', '%20', '%22',
+ '%3c', // <
+ '%253c', // <
+ '%3e', // >
+ '%0e', // >
+ '%28', // (
+ '%29', // )
+ '%2528', // (
+ '%26', // &
+ '%24', // $
+ '%3f', // ?
+ '%3b', // ;
+ '%3d' // =
+ ),
+ 'windows' => array(
+ '\\', '/', ':', '*', '?',
+ '"', '<', '>', '|',
+ ),
+ );
+
+ /**
 * Class constructor
 *
 * @return void
@@ -547,26 +577,9 @@ class CI_Security {
 * @param bool $relative_path Whether to preserve paths
 * @return string
 */
- public function sanitize_filename($str, $relative_path = FALSE)
+ public function sanitize_filename($str, $relative_path = FALSE, $rule = 'default')
 {
- $bad = array(
- '../', '<!--', '-->', '<', '>',
- "'", '"', '&', '$', '#',
- '{', '}', '[', ']', '=',
- ';', '?', '%20', '%22',
- '%3c', // <
- '%253c', // <
- '%3e', // >
- '%0e', // >
- '%28', // (
- '%29', // )
- '%2528', // (
- '%26', // &
- '%24', // $
- '%3f', // ?
- '%3b', // ;
- '%3d' // =
- );
+ $bad = $this->_filename_bad_str_rules[$rule];
 
 if ( ! $relative_path)
 {
|
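Review bot: The `'windows'` entry of `$_filename_bad_str_rules` replaces `'default'` rather than extending it, so a caller that selects it no longer strips the single quote, `&`, `$`, `#`, `;`, the brace and bracket characters, `<!--`/`-->`, or any of the percent-encoded forms. If the intent is "default plus the characters Windows forbids", the entry should carry both sets. If the two are meant as alternatives, the docblock should say so, for example `* Each key is a complete, self-contained list; selecting 'windows' does not apply 'default'.` Separately, the relocated comment on `'%0e'` reads `// >`, but `%0e` does not decode to `>` (that is `%3e`, already listed), so the comment is worth correcting while the list is being moved.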
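Review bot: `$bad = $this->_filename_bad_str_rules[$rule];` indexes the rule table with a caller-supplied key and no existence check. An unknown or misspelled `$rule` raises an undefined-index notice and leaves `$bad` as NULL, and the stripping that follows (outside this hunk) would then presumably remove little or nothing. A sanitizer should fail closed here, for example `$bad = isset($this->_filename_bad_str_rules[$rule]) ? $this->_filename_bad_str_rules[$rule] : $this->_filename_bad_str_rules['default'];`. The docblock above the signature also lacks an entry for the new parameter, such as `* @param string $rule Key of the bad-character list to apply ('default' or 'windows')`. The body of `sanitize_filename()` continues past the end of the hunk, so how `$bad` is consumed is not visible here.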