authorFlorian Pritz <bluewind@xinu.at>2011-11-28 22:13:04 +0100
committerFlorian Pritz <bluewind@xinu.at>2011-11-28 22:13:04 +0100
commitdae09a1d516617e3a054cb9838d7761749d397f1 (patch)
tree4ceed076562bf369b2471d20a56c4c98cf9947ca /system/libraries/Upload.php
parenta9236d031c56814eb8a024626d2c5280557ca41d (diff)
parent0199f68db46d375af2d4cb831c679d3040601f25 (diff)
Merge commit 'v2.1.0'
Conflicts: user_guide/changelog.html user_guide/database/active_record.html user_guide/database/caching.html user_guide/database/call_function.html user_guide/database/configuration.html user_guide/database/connecting.html user_guide/database/examples.html user_guide/database/fields.html user_guide/database/forge.html user_guide/database/helpers.html user_guide/database/index.html user_guide/database/queries.html user_guide/database/results.html user_guide/database/table_data.html user_guide/database/transactions.html user_guide/database/utilities.html user_guide/doc_style/index.html user_guide/general/alternative_php.html user_guide/general/ancillary_classes.html user_guide/general/autoloader.html user_guide/general/caching.html user_guide/general/cli.html user_guide/general/common_functions.html user_guide/general/controllers.html user_guide/general/core_classes.html user_guide/general/creating_drivers.html user_guide/general/creating_libraries.html user_guide/general/credits.html user_guide/general/drivers.html user_guide/general/environments.html user_guide/general/errors.html user_guide/general/helpers.html user_guide/general/hooks.html user_guide/general/libraries.html user_guide/general/managing_apps.html user_guide/general/models.html user_guide/general/profiling.html user_guide/general/quick_reference.html user_guide/general/requirements.html user_guide/general/reserved_names.html user_guide/general/routing.html user_guide/general/security.html user_guide/general/styleguide.html user_guide/general/urls.html user_guide/general/views.html user_guide/helpers/array_helper.html user_guide/helpers/captcha_helper.html user_guide/helpers/cookie_helper.html user_guide/helpers/date_helper.html user_guide/helpers/directory_helper.html user_guide/helpers/download_helper.html user_guide/helpers/email_helper.html user_guide/helpers/file_helper.html user_guide/helpers/form_helper.html user_guide/helpers/html_helper.html user_guide/helpers/inflector_helper.html 
user_guide/helpers/language_helper.html user_guide/helpers/number_helper.html user_guide/helpers/path_helper.html user_guide/helpers/security_helper.html user_guide/helpers/smiley_helper.html user_guide/helpers/string_helper.html user_guide/helpers/text_helper.html user_guide/helpers/typography_helper.html user_guide/helpers/url_helper.html user_guide/helpers/xml_helper.html user_guide/images/appflowchart.gif user_guide/index.html user_guide/installation/downloads.html user_guide/installation/index.html user_guide/installation/troubleshooting.html user_guide/installation/upgrade_120.html user_guide/installation/upgrade_130.html user_guide/installation/upgrade_131.html user_guide/installation/upgrade_132.html user_guide/installation/upgrade_133.html user_guide/installation/upgrade_140.html user_guide/installation/upgrade_141.html user_guide/installation/upgrade_150.html user_guide/installation/upgrade_152.html user_guide/installation/upgrade_153.html user_guide/installation/upgrade_154.html user_guide/installation/upgrade_160.html user_guide/installation/upgrade_161.html user_guide/installation/upgrade_162.html user_guide/installation/upgrade_163.html user_guide/installation/upgrade_170.html user_guide/installation/upgrade_171.html user_guide/installation/upgrade_172.html user_guide/installation/upgrade_200.html user_guide/installation/upgrade_201.html user_guide/installation/upgrade_202.html user_guide/installation/upgrade_203.html user_guide/installation/upgrade_b11.html user_guide/installation/upgrading.html user_guide/libraries/benchmark.html user_guide/libraries/caching.html user_guide/libraries/calendar.html user_guide/libraries/cart.html user_guide/libraries/config.html user_guide/libraries/email.html user_guide/libraries/encryption.html user_guide/libraries/file_uploading.html user_guide/libraries/form_validation.html user_guide/libraries/ftp.html user_guide/libraries/image_lib.html user_guide/libraries/input.html user_guide/libraries/javascript.html 
user_guide/libraries/language.html user_guide/libraries/loader.html user_guide/libraries/output.html user_guide/libraries/pagination.html user_guide/libraries/parser.html user_guide/libraries/security.html user_guide/libraries/sessions.html user_guide/libraries/table.html user_guide/libraries/trackback.html user_guide/libraries/typography.html user_guide/libraries/unit_testing.html user_guide/libraries/uri.html user_guide/libraries/user_agent.html user_guide/libraries/xmlrpc.html user_guide/libraries/zip.html user_guide/license.html user_guide/nav/nav.js user_guide/overview/appflow.html user_guide/overview/at_a_glance.html user_guide/overview/cheatsheets.html user_guide/overview/features.html user_guide/overview/getting_started.html user_guide/overview/goals.html user_guide/overview/index.html user_guide/overview/mvc.html user_guide/toc.html Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'system/libraries/Upload.php')
-rwxr-xr-xsystem/libraries/Upload.php66
1 files changed, 64 insertions, 2 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 3177424c4..05511b5d3 100755
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -196,7 +196,8 @@ class CI_Upload {
// Set the uploaded data as class variables
$this->file_temp = $_FILES[$field]['tmp_name'];
$this->file_size = $_FILES[$field]['size'];
- $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
+ $this->_file_mime_type($_FILES[$field]);
+ $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $this->file_type);
$this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
$this->file_name = $this->_prep_filename($_FILES[$field]['name']);
$this->file_ext = $this->get_extension($this->file_name);
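Review bot: The new call `$this->_file_mime_type($_FILES[$field]);` returns nothing and works only by setting `$this->file_type` as a side effect, which the next line then reads back; nothing at the call site says so. A comment above it would make the ordering dependency and the trust level explicit, e.g. `// _file_mime_type() sets $this->file_type from server-side detection; it falls back to the client-supplied $_FILES type when no detector is available`. This matters to anyone reading the later allowed-type checks, because the value can still be attacker-chosen on hosts without a detector. The enclosing method starts and ends outside this hunk.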
@@ -1006,8 +1007,69 @@ class CI_Upload {
// --------------------------------------------------------------------
+ /**
+ * File MIME type
+ *
+ * Detects the (actual) MIME type of the uploaded file, if possible.
+ * The input array is expected to be $_FILES[$field]
+ *
+ * @param array
+ * @return void
+ */
+ protected function _file_mime_type($file)
+ {
+ // Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag)
+ if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file'))
+ {
+ $finfo = new finfo(FILEINFO_MIME_TYPE);
+ if ($finfo !== FALSE) // This is possible, if there is no magic MIME database file found on the system
+ {
+ $file_type = $finfo->file($file['tmp_name']);
+
+ /* According to the comments section of the PHP manual page,
+ * it is possible that this function returns an empty string
+ * for some files (e.g. if they don't exist in the magic MIME database)
+ */
+ if (strlen($file_type) > 1)
+ {
+ $this->file_type = $file_type;
+ return;
+ }
+ }
+ }
+
+ // Fall back to the deprecated mime_content_type(), if available
+ if (function_exists('mime_content_type'))
+ {
+ $this->file_type = @mime_content_type($file['tmp_name']);
+ return;
+ }
+
+ /* This is an ugly hack, but UNIX-type systems provide a native way to detect the file type,
+ * which is still more secure than depending on the value of $_FILES[$field]['type'].
+ *
+ * Notes:
+ * - a 'W' in the substr() expression bellow, would mean that we're using Windows
+ * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check
+ */
+ if (DIRECTORY_SEPARATOR !== '\\' && function_exists('exec'))
+ {
+ $output = array();
+ @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code);
+ if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution
+ {
+ $this->file_type = rtrim($output[0]);
+ return;
+ }
+ }
+
+ $this->file_type = $file['type'];
+ }
+
+ // --------------------------------------------------------------------
+
}
// END Upload Class
/* End of file Upload.php */
-/* Location: ./system/libraries/Upload.php */
\ No newline at end of file
+/* Location: ./system/libraries/Upload.php */
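Review bot: The exec() fallback passes `escapeshellarg($file['tmp_path'])`, but the array is documented in the docblock as `$_FILES[$field]`, whose temp-file key is `tmp_name` (the finfo and mime_content_type() branches above use it), so `file` is never pointed at the uploaded file. On hosts without Fileinfo or mime_content_type(), the type therefore becomes either whatever `file` prints for an empty path or, on a non-zero exit, the browser-supplied `$file['type']` assigned at the end of the method, which is the value this change is meant to stop trusting. The line should read `@exec('file --brief --mime-type ' . escapeshellarg($file['tmp_name']), $output, $return_code);`. Separately, `new finfo(FILEINFO_MIME_TYPE)` yields an object rather than FALSE, so the `$finfo !== FALSE` guard likely never fires; `$finfo = @finfo_open(FILEINFO_MIME_TYPE);` with `finfo_file($finfo, $file['tmp_name'])` would make that check meaningful.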