authorHunter Wu <hunter.wu@gmail.com>2013-08-01 17:15:13 +0200
committerHunter Wu <hunter.wu@gmail.com>2013-08-01 17:15:13 +0200
commit23719ab569c9c8d6b791f65d7861daba3895ddcb (patch)
tree1745d7b15b867b1ec2b67f5310d050bb02af5e95 /system/core
parentc958eebea2525133bcef9fe47a5dfab9e23128dd (diff)
Add windows filename rule as an option for upload files
Diffstat (limited to 'system/core')
-rw-r--r--system/core/Security.php51
1 files changed, 32 insertions, 19 deletions
diff --git a/system/core/Security.php b/system/core/Security.php
index 196d61144..cd1cb1ab4 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -115,6 +115,36 @@ class CI_Security {
);
/**
+ * List of bad chars for sanitize filename
+ *
+ * @var array
+ */
+ private $_filename_bad_str_rules = array(
+ 'default' => array(
+ '../', '<!--', '-->', '<', '>',
+ "'", '"', '&', '$', '#',
+ '{', '}', '[', ']', '=',
+ ';', '?', '%20', '%22',
+ '%3c', // <
+ '%253c', // <
+ '%3e', // >
+ '%0e', // >
+ '%28', // (
+ '%29', // )
+ '%2528', // (
+ '%26', // &
+ '%24', // $
+ '%3f', // ?
+ '%3b', // ;
+ '%3d' // =
+ ),
+ 'windows' => array(
+ '\\', '/', ':', '*', '?',
+ '"', '<', '>', '|',
+ ),
+ );
+
+ /**
* Class constructor
*
* @return void
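Review bot: The docblock on `$_filename_bad_str_rules` does not say that each rule list is applied on its own, so `'windows'` is used in place of `'default'` rather than on top of it. As written, the `'windows'` list omits the single quote, `&`, `$`, `;` and every percent-encoded entry, so an upload handler that switches rules loses that filtering. I would either merge the two lists, if the Windows rule is meant to be the stricter one, or extend the comment to something like `Keys are rule names accepted by sanitize_filename(); each list is applied alone, not merged with 'default'`. The `// >` comment on `'%0e'` also looks wrong, since `'%3e'` is already listed as the encoding of `>`.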
@@ -547,26 +577,9 @@ class CI_Security {
* @param bool $relative_path Whether to preserve paths
* @return string
*/
- public function sanitize_filename($str, $relative_path = FALSE)
+ public function sanitize_filename($str, $relative_path = FALSE, $rule = 'default')
{
- $bad = array(
- '../', '<!--', '-->', '<', '>',
- "'", '"', '&', '$', '#',
- '{', '}', '[', ']', '=',
- ';', '?', '%20', '%22',
- '%3c', // <
- '%253c', // <
- '%3e', // >
- '%0e', // >
- '%28', // (
- '%29', // )
- '%2528', // (
- '%26', // &
- '%24', // $
- '%3f', // ?
- '%3b', // ;
- '%3d' // =
- );
+ $bad = $this->_filename_bad_str_rules[$rule];
if ( ! $relative_path)
{
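Review bot: `$rule` is used as an array key without a check in `$bad = $this->_filename_bad_str_rules[$rule];`, so a misspelled or unknown rule name raises a notice and leaves `$bad` null. Whatever the `if ( ! $relative_path)` branch then appends would presumably become the entire list, which means the filter fails open instead of rejecting the call. Fall back to the default list or refuse the name, for example `$bad = isset($this->_filename_bad_str_rules[$rule]) ? $this->_filename_bad_str_rules[$rule] : $this->_filename_bad_str_rules['default'];`. The docblock above the signature also needs `@param string $rule Name of the bad-character list to apply`. The body of `sanitize_filename()` continues past the end of this hunk.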