diff options
author | Pascal Kriete <pascal.kriete@ellislab.com> | 2010-11-04 22:59:52 +0100 |
---|---|---|
committer | Pascal Kriete <pascal.kriete@ellislab.com> | 2010-11-04 22:59:52 +0100 |
commit | e917f9be8b05c81357c1c2c9730d5060685d644d (patch) | |
tree | b6a7d5ce8ba57b69ba61454f77829b04f2ce5974 /system/libraries/Upload.php | |
parent | 5b2d2da5ae2e97043c6bef53e565d30e50196e2b (diff) | |
parent | e1f6e9ddff788f6a154f5f35dc117d14aeb0c484 (diff) |
Automated merge with http://hg.ellislab.com/CodeIgniter2
Diffstat (limited to 'system/libraries/Upload.php')
-rw-r--r-- | system/libraries/Upload.php | 298 |
1 files changed, 149 insertions, 149 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index c18c178df..c83d0aeaa 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -25,7 +25,7 @@ * @link http://codeigniter.com/user_guide/libraries/file_uploading.html */ class CI_Upload { - + var $max_size = 0; var $max_width = 0; var $max_height = 0; @@ -51,9 +51,9 @@ class CI_Upload { var $xss_clean = FALSE; var $temp_prefix = "temp_file_"; var $client_name = ''; - + var $_file_name_override = ''; //@PHP4 (should be private) - + /** * Constructor * @@ -65,19 +65,19 @@ class CI_Upload { { $this->initialize($props); } - + log_message('debug', "Upload Class Initialized"); } - + // -------------------------------------------------------------------- - + /** * Initialize preferences * * @access public * @param array * @return void - */ + */ function initialize($config = array()) { @@ -107,9 +107,9 @@ class CI_Upload { 'xss_clean' => FALSE, 'temp_prefix' => "temp_file_", 'client_name' => '' - ); - - + ); + + foreach ($defaults as $key => $val) { if (isset($config[$key])) @@ -122,27 +122,27 @@ class CI_Upload { else { $this->$key = $config[$key]; - } + } } else { $this->$key = $val; } } - + // if a file_name was provided in the config, use it instead of the user input // supplied file name for all uploads until initialized again $this->_file_name_override = $this->file_name; } - + // -------------------------------------------------------------------- - + /** * Perform the file upload * * @access public * @return bool - */ + */ function do_upload($field = 'userfile') { // Is $_FILES[$field] set? If not, no reason to continue. @@ -151,7 +151,7 @@ class CI_Upload { $this->set_error('upload_no_file_selected'); return FALSE; } - + // Is the upload path valid? if ( ! $this->validate_upload_path()) { @@ -173,10 +173,10 @@ class CI_Upload { $this->set_error('upload_file_exceeds_form_limit'); break; case 3: // UPLOAD_ERR_PARTIAL - $this->set_error('upload_file_partial'); + $this->set_error('upload_file_partial'); break; case 4: // UPLOAD_ERR_NO_FILE - $this->set_error('upload_no_file_selected'); + $this->set_error('upload_no_file_selected'); break; case 6: // UPLOAD_ERR_NO_TMP_DIR $this->set_error('upload_no_temp_directory'); @@ -196,14 +196,14 @@ class CI_Upload { // Set the uploaded data as class variables - $this->file_temp = $_FILES[$field]['tmp_name']; - $this->file_size = $_FILES[$field]['size']; + $this->file_temp = $_FILES[$field]['tmp_name']; + $this->file_size = $_FILES[$field]['size']; $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']); $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); $this->file_name = $this->_prep_filename($_FILES[$field]['name']); $this->file_ext = $this->get_extension($this->file_name); $this->client_name = $this->file_name; - + // Is the file type allowed to be uploaded? if ( ! $this->is_allowed_filetype()) { @@ -220,10 +220,10 @@ class CI_Upload { if ( ! $this->is_allowed_filetype(TRUE)) { $this->set_error('upload_invalid_filetype'); - return FALSE; + return FALSE; } } - + // Convert the file size to kilobytes if ($this->file_size > 0) { @@ -247,7 +247,7 @@ class CI_Upload { // Sanitize the file name for security $this->file_name = $this->clean_file_name($this->file_name); - + // Truncate the file name if it's too long if ($this->max_filename > 0) { @@ -271,7 +271,7 @@ class CI_Upload { if ($this->overwrite == FALSE) { $this->file_name = $this->set_filename($this->upload_path, $this->file_name); - + if ($this->file_name === FALSE) { return FALSE; @@ -304,8 +304,8 @@ class CI_Upload { { if ( ! @move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name)) { - $this->set_error('upload_destination_error'); - return FALSE; + $this->set_error('upload_destination_error'); + return FALSE; } } @@ -319,18 +319,18 @@ class CI_Upload { return TRUE; } - + // -------------------------------------------------------------------- - + /** * Finalized Data Array - * + * * Returns an associative array containing all of the information * related to the upload, allowing the developer easy access in one array. * * @access public * @return array - */ + */ function data() { return array ( @@ -350,24 +350,24 @@ class CI_Upload { 'image_size_str' => $this->image_size_str, ); } - + // -------------------------------------------------------------------- - + /** * Set Upload Path * * @access public * @param string * @return void - */ + */ function set_upload_path($path) { // Make sure it has a trailing slash $this->upload_path = rtrim($path, '/').'/'; } - + // -------------------------------------------------------------------- - + /** * Set the file name * @@ -379,25 +379,25 @@ class CI_Upload { * @param string * @param string * @return string - */ + */ function set_filename($path, $filename) { if ($this->encrypt_name == TRUE) - { + { mt_srand(); - $filename = md5(uniqid(mt_rand())).$this->file_ext; + $filename = md5(uniqid(mt_rand())).$this->file_ext; } - + if ( ! file_exists($path.$filename)) { return $filename; } - + $filename = str_replace($this->file_ext, '', $filename); - + $new_filename = ''; for ($i = 1; $i < 100; $i++) - { + { if ( ! file_exists($path.$filename.$i.$this->file_ext)) { $new_filename = $filename.$i.$this->file_ext; @@ -415,72 +415,72 @@ class CI_Upload { return $new_filename; } } - + // -------------------------------------------------------------------- - + /** * Set Maximum File Size * * @access public * @param integer * @return void - */ + */ function set_max_filesize($n) { $this->max_size = ((int) $n < 0) ? 0: (int) $n; } - + // -------------------------------------------------------------------- - + /** * Set Maximum File Name Length * * @access public * @param integer * @return void - */ + */ function set_max_filename($n) { $this->max_filename = ((int) $n < 0) ? 0: (int) $n; } // -------------------------------------------------------------------- - + /** * Set Maximum Image Width * * @access public * @param integer * @return void - */ + */ function set_max_width($n) { $this->max_width = ((int) $n < 0) ? 0: (int) $n; } - + // -------------------------------------------------------------------- - + /** * Set Maximum Image Height * * @access public * @param integer * @return void - */ + */ function set_max_height($n) { $this->max_height = ((int) $n < 0) ? 0: (int) $n; } - + // -------------------------------------------------------------------- - + /** * Set Allowed File Types * * @access public * @param string * @return void - */ + */ function set_allowed_types($types) { if ( ! is_array($types) && $types == '*') @@ -490,9 +490,9 @@ class CI_Upload { } $this->allowed_types = explode('|', $types); } - + // -------------------------------------------------------------------- - + /** * Set Image Properties * @@ -501,7 +501,7 @@ class CI_Upload { * @access public * @param string * @return void - */ + */ function set_image_properties($path = '') { if ( ! $this->is_image()) @@ -512,7 +512,7 @@ class CI_Upload { if (function_exists('getimagesize')) { if (FALSE !== ($D = @getimagesize($path))) - { + { $types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png'); $this->image_width = $D['0']; @@ -522,9 +522,9 @@ class CI_Upload { } } } - + // -------------------------------------------------------------------- - + /** * Set XSS Clean * @@ -539,15 +539,15 @@ class CI_Upload { { $this->xss_clean = ($flag == TRUE) ? TRUE : FALSE; } - + // -------------------------------------------------------------------- - + /** * Validate the image * * @access public * @return bool - */ + */ function is_image() { // IE will sometimes return odd mime-types during upload, so here we just standardize all @@ -555,12 +555,12 @@ class CI_Upload { $png_mimes = array('image/x-png'); $jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg'); - + if (in_array($this->file_type, $png_mimes)) { $this->file_type = 'image/png'; } - + if (in_array($this->file_type, $jpeg_mimes)) { $this->file_type = 'image/jpeg'; @@ -570,80 +570,80 @@ class CI_Upload { 'image/gif', 'image/jpeg', 'image/png', - ); + ); return (in_array($this->file_type, $img_mimes, TRUE)) ? TRUE : FALSE; } - + // -------------------------------------------------------------------- - + /** * Verify that the filetype is allowed * * @access public * @return bool - */ + */ function is_allowed_filetype($ignore_mime = FALSE) { if ($this->allowed_types == '*') { return TRUE; } - + if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types)) { $this->set_error('upload_no_file_types'); return FALSE; } - + $ext = strtolower(ltrim($this->file_ext, '.')); - + if ( ! in_array($ext, $this->allowed_types)) { return FALSE; } - // Images get some additional checks + // Images get some additional checks $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe'); - + if (in_array($ext, $image_types)) { if (getimagesize($this->file_temp) === FALSE) { return FALSE; - } + } } - + if ($ignore_mime === TRUE) { return TRUE; } - + $mime = $this->mimes_types($ext); - + if (is_array($mime)) { if (in_array($this->file_type, $mime, TRUE)) { return TRUE; - } + } } elseif ($mime == $this->file_type) { return TRUE; } - + return FALSE; } - + // -------------------------------------------------------------------- - + /** * Verify that the file is within the allowed size * * @access public * @return bool - */ + */ function is_allowed_filesize() { if ($this->max_size != 0 AND $this->file_size > $this->max_size) @@ -655,15 +655,15 @@ class CI_Upload { return TRUE; } } - + // -------------------------------------------------------------------- - + /** * Verify that the image is within the allowed width/height * * @access public * @return bool - */ + */ function is_allowed_dimensions() { if ( ! $this->is_image()) @@ -690,9 +690,9 @@ class CI_Upload { return TRUE; } - + // -------------------------------------------------------------------- - + /** * Validate Upload Path * @@ -701,7 +701,7 @@ class CI_Upload { * * @access public * @return bool - */ + */ function validate_upload_path() { if ($this->upload_path == '') @@ -709,7 +709,7 @@ class CI_Upload { $this->set_error('upload_no_filepath'); return FALSE; } - + if (function_exists('realpath') AND @realpath($this->upload_path) !== FALSE) { $this->upload_path = str_replace("\\", "/", realpath($this->upload_path)); @@ -730,31 +730,31 @@ class CI_Upload { $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path); return TRUE; } - + // -------------------------------------------------------------------- - + /** * Extract the file extension * * @access public * @param string * @return string - */ + */ function get_extension($filename) { $x = explode('.', $filename); return '.'.end($x); - } - + } + // -------------------------------------------------------------------- - + /** * Clean the file name for security * * @access public * @param string * @return string - */ + */ function clean_file_name($filename) { $bad = array( @@ -773,40 +773,40 @@ class CI_Upload { "%20", "%22", "%3c", // < - "%253c", // < - "%3e", // > - "%0e", // > - "%28", // ( - "%29", // ) - "%2528", // ( - "%26", // & - "%24", // $ - "%3f", // ? - "%3b", // ; + "%253c", // < + "%3e", // > + "%0e", // > + "%28", // ( + "%29", // ) + "%2528", // ( + "%26", // & + "%24", // $ + "%3f", // ? + "%3b", // ; "%3d" // = ); - + $filename = str_replace($bad, '', $filename); return stripslashes($filename); } // -------------------------------------------------------------------- - + /** * Limit the File Name Length * * @access public * @param string * @return string - */ + */ function limit_filename_length($filename, $length) { if (strlen($filename) < $length) { return $filename; } - + $ext = ''; if (strpos($filename, '.') !== FALSE) { @@ -814,12 +814,12 @@ class CI_Upload { $ext = '.'.array_pop($parts); $filename = implode('.', $parts); } - + return substr($filename, 0, ($length - strlen($ext))).$ext; } // -------------------------------------------------------------------- - + /** * Runs the file through the XSS clean function * @@ -829,26 +829,26 @@ class CI_Upload { * * @access public * @return void - */ + */ function do_xss_clean() - { + { $file = $this->file_temp; - + if (filesize($file) == 0) { return FALSE; } - + if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit') != '') { $current = ini_get('memory_limit') * 1024 * 1024; - + // There was a bug/behavioural change in PHP 5.2, where numbers over one million get output // into scientific notation. number_format() ensures this number is an integer // http://bugs.php.net/bug.php?id=43053 - + $new_memory = number_format(ceil(filesize($file) + $current), 0, '.', ''); - + ini_set('memory_limit', $new_memory); // When an integer is used, the value is measured in bytes. - PHP.net } @@ -856,18 +856,18 @@ class CI_Upload { // IE can be fooled into mime-type detecting a malformed image as an html file, thus executing an XSS attack on anyone // using IE who looks at the image. It does this by inspecting the first 255 bytes of an image. To get around this // CI will itself look at the first 255 bytes of an image to determine its relative safety. This can save a lot of - // processor power and time if it is actually a clean image, as it will be in nearly all instances _except_ an + // processor power and time if it is actually a clean image, as it will be in nearly all instances _except_ an // attempted XSS attack. if (function_exists('getimagesize') && @getimagesize($file) !== FALSE) { - if (($file = @fopen($file, 'rb')) === FALSE) // "b" to force binary - { + if (($file = @fopen($file, 'rb')) === FALSE) // "b" to force binary + { return FALSE; // Couldn't open the file, return FALSE - } + } - $opening_bytes = fread($file, 256); - fclose($file); + $opening_bytes = fread($file, 256); + fclose($file); // These are known to throw IE into mime-type detection chaos // <a, <body, <head, <html, <img, <plaintext, <pre, <script, <table, <title @@ -885,37 +885,37 @@ class CI_Upload { } $CI =& get_instance(); - + if ( ! isset($CI->security)) { $CI->load->library('security'); } - + return $CI->security->xss_clean($data, TRUE); } - + // -------------------------------------------------------------------- - + /** * Set an error message * * @access public * @param string * @return void - */ + */ function set_error($msg) { - $CI =& get_instance(); + $CI =& get_instance(); $CI->lang->load('upload'); - + if (is_array($msg)) { foreach ($msg as $val) { - $msg = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val); + $msg = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val); $this->error_msg[] = $msg; log_message('error', $msg); - } + } } else { @@ -924,9 +924,9 @@ class CI_Upload { log_message('error', $msg); } } - + // -------------------------------------------------------------------- - + /** * Display the error message * @@ -934,7 +934,7 @@ class CI_Upload { * @param string * @param string * @return string - */ + */ function display_errors($open = '<p>', $close = '</p>') { $str = ''; @@ -942,12 +942,12 @@ class CI_Upload { { $str .= $open.$val.$close; } - + return $str; } - + // -------------------------------------------------------------------- - + /** * List of Mime Types * @@ -957,11 +957,11 @@ class CI_Upload { * @access public * @param string * @return string - */ + */ function mimes_types($mime) { global $mimes; - + if (count($this->mimes) == 0) { if (@require_once(APPPATH.'config/mimes'.EXT)) @@ -970,12 +970,12 @@ class CI_Upload { unset($mimes); } } - + return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime]; } // -------------------------------------------------------------------- - + /** * Prep Filename * @@ -1010,7 +1010,7 @@ class CI_Upload { } $filename .= '.'.$ext; - + return $filename; } |