summaryrefslogtreecommitdiffstats
path: root/system/libraries/Upload.php
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@server-speed.net>2011-01-28 22:51:06 +0100
committerFlorian Pritz <bluewind@server-speed.net>2011-01-28 22:58:52 +0100
commitce2b69675075444c9e40b72bcdd42ab7edbbe633 (patch)
tree2932f13b0db14fe53dc0622d888318db638a017f /system/libraries/Upload.php
parentb6b8a6587c399bfd89e13e92ce04ee8486688e6e (diff)
update to CI 2.0
Signed-off-by: Florian Pritz <bluewind@server-speed.net>
Diffstat (limited to 'system/libraries/Upload.php')
-rwxr-xr-x[-rw-r--r--]system/libraries/Upload.php508
1 files changed, 273 insertions, 235 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index a97b7bdfb..8f84ffd7e 100644..100755
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -2,11 +2,11 @@
/**
* CodeIgniter
*
- * An open source application development framework for PHP 4.3.2 or newer
+ * An open source application development framework for PHP 5.1.6 or newer
*
* @package CodeIgniter
* @author ExpressionEngine Dev Team
- * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc.
+ * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
* @license http://codeigniter.com/user_guide/license.html
* @link http://codeigniter.com
* @since Version 1.0
@@ -25,59 +25,59 @@
* @link http://codeigniter.com/user_guide/libraries/file_uploading.html
*/
class CI_Upload {
-
- var $max_size = 0;
- var $max_width = 0;
- var $max_height = 0;
- var $max_filename = 0;
- var $allowed_types = "";
- var $file_temp = "";
- var $file_name = "";
- var $orig_name = "";
- var $file_type = "";
- var $file_size = "";
- var $file_ext = "";
- var $upload_path = "";
- var $overwrite = FALSE;
- var $encrypt_name = FALSE;
- var $is_image = FALSE;
- var $image_width = '';
- var $image_height = '';
- var $image_type = '';
- var $image_size_str = '';
- var $error_msg = array();
- var $mimes = array();
- var $remove_spaces = TRUE;
- var $xss_clean = FALSE;
- var $temp_prefix = "temp_file_";
- var $client_name = '';
-
- var $_file_name_override = '';
+
+ public $max_size = 0;
+ public $max_width = 0;
+ public $max_height = 0;
+ public $max_filename = 0;
+ public $allowed_types = "";
+ public $file_temp = "";
+ public $file_name = "";
+ public $orig_name = "";
+ public $file_type = "";
+ public $file_size = "";
+ public $file_ext = "";
+ public $upload_path = "";
+ public $overwrite = FALSE;
+ public $encrypt_name = FALSE;
+ public $is_image = FALSE;
+ public $image_width = '';
+ public $image_height = '';
+ public $image_type = '';
+ public $image_size_str = '';
+ public $error_msg = array();
+ public $mimes = array();
+ public $remove_spaces = TRUE;
+ public $xss_clean = FALSE;
+ public $temp_prefix = "temp_file_";
+ public $client_name = '';
+
+ protected $_file_name_override = '';
+
/**
* Constructor
*
* @access public
*/
- function CI_Upload($props = array())
+ public function __construct($props = array())
{
if (count($props) > 0)
{
$this->initialize($props);
}
-
+
log_message('debug', "Upload Class Initialized");
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Initialize preferences
*
- * @access public
* @param array
* @return void
- */
- function initialize($config = array())
+ */
+ public function initialize($config = array())
{
$defaults = array(
'max_size' => 0,
@@ -105,9 +105,9 @@ class CI_Upload {
'xss_clean' => FALSE,
'temp_prefix' => "temp_file_",
'client_name' => ''
- );
-
-
+ );
+
+
foreach ($defaults as $key => $val)
{
if (isset($config[$key]))
@@ -120,28 +120,27 @@ class CI_Upload {
else
{
$this->$key = $config[$key];
- }
+ }
}
else
{
$this->$key = $val;
}
}
-
+
// if a file_name was provided in the config, use it instead of the user input
// supplied file name for all uploads until initialized again
$this->_file_name_override = $this->file_name;
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Perform the file upload
*
- * @access public
* @return bool
- */
- function do_upload($field = 'userfile')
+ */
+ public function do_upload($field = 'userfile')
{
// Is $_FILES[$field] set? If not, no reason to continue.
if ( ! isset($_FILES[$field]))
@@ -149,7 +148,7 @@ class CI_Upload {
$this->set_error('upload_no_file_selected');
return FALSE;
}
-
+
// Is the upload path valid?
if ( ! $this->validate_upload_path())
{
@@ -171,10 +170,10 @@ class CI_Upload {
$this->set_error('upload_file_exceeds_form_limit');
break;
case 3: // UPLOAD_ERR_PARTIAL
- $this->set_error('upload_file_partial');
+ $this->set_error('upload_file_partial');
break;
case 4: // UPLOAD_ERR_NO_FILE
- $this->set_error('upload_no_file_selected');
+ $this->set_error('upload_no_file_selected');
break;
case 6: // UPLOAD_ERR_NO_TMP_DIR
$this->set_error('upload_no_temp_directory');
@@ -192,9 +191,10 @@ class CI_Upload {
return FALSE;
}
+
// Set the uploaded data as class variables
- $this->file_temp = $_FILES[$field]['tmp_name'];
- $this->file_size = $_FILES[$field]['size'];
+ $this->file_temp = $_FILES[$field]['tmp_name'];
+ $this->file_size = $_FILES[$field]['size'];
$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
$this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
$this->file_name = $this->_prep_filename($_FILES[$field]['name']);
@@ -207,20 +207,31 @@ class CI_Upload {
$this->set_error('upload_invalid_filetype');
return FALSE;
}
-
+
// if we're overriding, let's now make sure the new name and type is allowed
if ($this->_file_name_override != '')
{
$this->file_name = $this->_prep_filename($this->_file_name_override);
- $this->file_ext = $this->get_extension($this->file_name);
+
+ // If no extension was provided in the file_name config item, use the uploaded one
+ if(strpos($this->_file_name_override, '.') === FALSE)
+ {
+ $this->file_name .= $this->file_ext;
+ }
+
+ // An extension was provided, lets have it!
+ else
+ {
+ $this->file_ext = $this->get_extension($this->_file_name_override);
+ }
if ( ! $this->is_allowed_filetype(TRUE))
{
$this->set_error('upload_invalid_filetype');
- return FALSE;
+ return FALSE;
}
}
-
+
// Convert the file size to kilobytes
if ($this->file_size > 0)
{
@@ -244,7 +255,7 @@ class CI_Upload {
// Sanitize the file name for security
$this->file_name = $this->clean_file_name($this->file_name);
-
+
// Truncate the file name if it's too long
if ($this->max_filename > 0)
{
@@ -268,7 +279,7 @@ class CI_Upload {
if ($this->overwrite == FALSE)
{
$this->file_name = $this->set_filename($this->upload_path, $this->file_name);
-
+
if ($this->file_name === FALSE)
{
return FALSE;
@@ -276,6 +287,21 @@ class CI_Upload {
}
/*
+ * Run the file through the XSS hacking filter
+ * This helps prevent malicious code from being
+ * embedded within a file. Scripts can easily
+ * be disguised as images or other file types.
+ */
+ if ($this->xss_clean)
+ {
+ if ($this->do_xss_clean() === FALSE)
+ {
+ $this->set_error('upload_unable_to_write_file');
+ return FALSE;
+ }
+ }
+
+ /*
* Move the file to the final destination
* To deal with different server configurations
* we'll attempt to use copy() first. If that fails
@@ -286,21 +312,10 @@ class CI_Upload {
{
if ( ! @move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name))
{
- $this->set_error('upload_destination_error');
- return FALSE;
+ $this->set_error('upload_destination_error');
+ return FALSE;
}
}
-
- /*
- * Run the file through the XSS hacking filter
- * This helps prevent malicious code from being
- * embedded within a file. Scripts can easily
- * be disguised as images or other file types.
- */
- if ($this->xss_clean == TRUE)
- {
- $this->do_xss_clean();
- }
/*
* Set the finalized image dimensions
@@ -312,19 +327,18 @@ class CI_Upload {
return TRUE;
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Finalized Data Array
- *
+ *
* Returns an associative array containing all of the information
* related to the upload, allowing the developer easy access in one array.
*
- * @access public
* @return array
- */
- function data()
+ */
+ public function data()
{
return array (
'file_name' => $this->file_name,
@@ -343,24 +357,23 @@ class CI_Upload {
'image_size_str' => $this->image_size_str,
);
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Set Upload Path
*
- * @access public
* @param string
* @return void
- */
- function set_upload_path($path)
+ */
+ public function set_upload_path($path)
{
// Make sure it has a trailing slash
$this->upload_path = rtrim($path, '/').'/';
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Set the file name
*
@@ -368,29 +381,28 @@ class CI_Upload {
* existence of a file with the same name. If found, it will append a
* number to the end of the filename to avoid overwriting a pre-existing file.
*
- * @access public
* @param string
* @param string
* @return string
- */
- function set_filename($path, $filename)
+ */
+ public function set_filename($path, $filename)
{
if ($this->encrypt_name == TRUE)
- {
+ {
mt_srand();
- $filename = md5(uniqid(mt_rand())).$this->file_ext;
+ $filename = md5(uniqid(mt_rand())).$this->file_ext;
}
-
+
if ( ! file_exists($path.$filename))
{
return $filename;
}
-
+
$filename = str_replace($this->file_ext, '', $filename);
-
+
$new_filename = '';
for ($i = 1; $i < 100; $i++)
- {
+ {
if ( ! file_exists($path.$filename.$i.$this->file_ext))
{
$new_filename = $filename.$i.$this->file_ext;
@@ -408,89 +420,88 @@ class CI_Upload {
return $new_filename;
}
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Set Maximum File Size
*
- * @access public
* @param integer
* @return void
- */
- function set_max_filesize($n)
+ */
+ public function set_max_filesize($n)
{
$this->max_size = ((int) $n < 0) ? 0: (int) $n;
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Set Maximum File Name Length
*
- * @access public
* @param integer
* @return void
- */
- function set_max_filename($n)
+ */
+ public function set_max_filename($n)
{
$this->max_filename = ((int) $n < 0) ? 0: (int) $n;
}
// --------------------------------------------------------------------
-
+
/**
* Set Maximum Image Width
*
- * @access public
* @param integer
* @return void
- */
- function set_max_width($n)
+ */
+ public function set_max_width($n)
{
$this->max_width = ((int) $n < 0) ? 0: (int) $n;
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Set Maximum Image Height
*
- * @access public
* @param integer
* @return void
- */
- function set_max_height($n)
+ */
+ public function set_max_height($n)
{
$this->max_height = ((int) $n < 0) ? 0: (int) $n;
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Set Allowed File Types
*
- * @access public
* @param string
* @return void
- */
- function set_allowed_types($types)
+ */
+ public function set_allowed_types($types)
{
+ if ( ! is_array($types) && $types == '*')
+ {
+ $this->allowed_types = '*';
+ return;
+ }
$this->allowed_types = explode('|', $types);
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Set Image Properties
*
* Uses GD to determine the width/height/type of image
*
- * @access public
* @param string
* @return void
- */
- function set_image_properties($path = '')
+ */
+ public function set_image_properties($path = '')
{
if ( ! $this->is_image())
{
@@ -500,7 +511,7 @@ class CI_Upload {
if (function_exists('getimagesize'))
{
if (FALSE !== ($D = @getimagesize($path)))
- {
+ {
$types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png');
$this->image_width = $D['0'];
@@ -510,45 +521,43 @@ class CI_Upload {
}
}
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Set XSS Clean
*
* Enables the XSS flag so that the file that was uploaded
* will be run through the XSS filter.
*
- * @access public
* @param bool
* @return void
*/
- function set_xss_clean($flag = FALSE)
+ public function set_xss_clean($flag = FALSE)
{
$this->xss_clean = ($flag == TRUE) ? TRUE : FALSE;
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Validate the image
*
- * @access public
* @return bool
- */
- function is_image()
+ */
+ public function is_image()
{
// IE will sometimes return odd mime-types during upload, so here we just standardize all
// jpegs or pngs to the same file type.
$png_mimes = array('image/x-png');
$jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg');
-
+
if (in_array($this->file_type, $png_mimes))
{
$this->file_type = 'image/png';
}
-
+
if (in_array($this->file_type, $jpeg_mimes))
{
$this->file_type = 'image/jpeg';
@@ -558,29 +567,33 @@ class CI_Upload {
'image/gif',
'image/jpeg',
'image/png',
- );
+ );
return (in_array($this->file_type, $img_mimes, TRUE)) ? TRUE : FALSE;
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Verify that the filetype is allowed
*
- * @access public
* @return bool
- */
- function is_allowed_filetype($ignore_mime = FALSE)
+ */
+ public function is_allowed_filetype($ignore_mime = FALSE)
{
+ if ($this->allowed_types == '*')
+ {
+ return TRUE;
+ }
+
if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types))
{
$this->set_error('upload_no_file_types');
return FALSE;
}
-
+
$ext = strtolower(ltrim($this->file_ext, '.'));
-
+
if ( ! in_array($ext, $this->allowed_types))
{
return FALSE;
@@ -594,40 +607,39 @@ class CI_Upload {
if (getimagesize($this->file_temp) === FALSE)
{
return FALSE;
- }
+ }
}
if ($ignore_mime === TRUE)
{
return TRUE;
}
-
+
$mime = $this->mimes_types($ext);
-
+
if (is_array($mime))
{
if (in_array($this->file_type, $mime, TRUE))
{
return TRUE;
- }
+ }
}
elseif ($mime == $this->file_type)
{
return TRUE;
}
-
+
return FALSE;
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Verify that the file is within the allowed size
*
- * @access public
* @return bool
- */
- function is_allowed_filesize()
+ */
+ public function is_allowed_filesize()
{
if ($this->max_size != 0 AND $this->file_size > $this->max_size)
{
@@ -638,16 +650,15 @@ class CI_Upload {
return TRUE;
}
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Verify that the image is within the allowed width/height
*
- * @access public
* @return bool
- */
- function is_allowed_dimensions()
+ */
+ public function is_allowed_dimensions()
{
if ( ! $this->is_image())
{
@@ -673,26 +684,25 @@ class CI_Upload {
return TRUE;
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Validate Upload Path
*
* Verifies that it is a valid upload path with proper permissions.
*
*
- * @access public
* @return bool
- */
- function validate_upload_path()
+ */
+ public function validate_upload_path()
{
if ($this->upload_path == '')
{
$this->set_error('upload_no_filepath');
return FALSE;
}
-
+
if (function_exists('realpath') AND @realpath($this->upload_path) !== FALSE)
{
$this->upload_path = str_replace("\\", "/", realpath($this->upload_path));
@@ -713,32 +723,30 @@ class CI_Upload {
$this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path);
return TRUE;
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Extract the file extension
*
- * @access public
* @param string
* @return string
- */
- function get_extension($filename)
+ */
+ public function get_extension($filename)
{
$x = explode('.', $filename);
return '.'.end($x);
- }
-
+ }
+
// --------------------------------------------------------------------
-
+
/**
* Clean the file name for security
*
- * @access public
* @param string
* @return string
- */
- function clean_file_name($filename)
+ */
+ public function clean_file_name($filename)
{
$bad = array(
"<!--",
@@ -756,40 +764,39 @@ class CI_Upload {
"%20",
"%22",
"%3c", // <
- "%253c", // <
- "%3e", // >
- "%0e", // >
- "%28", // (
- "%29", // )
- "%2528", // (
- "%26", // &
- "%24", // $
- "%3f", // ?
- "%3b", // ;
+ "%253c", // <
+ "%3e", // >
+ "%0e", // >
+ "%28", // (
+ "%29", // )
+ "%2528", // (
+ "%26", // &
+ "%24", // $
+ "%3f", // ?
+ "%3b", // ;
"%3d" // =
);
-
+
$filename = str_replace($bad, '', $filename);
return stripslashes($filename);
}
// --------------------------------------------------------------------
-
+
/**
* Limit the File Name Length
*
- * @access public
* @param string
* @return string
- */
- function limit_filename_length($filename, $length)
+ */
+ public function limit_filename_length($filename, $length)
{
if (strlen($filename) < $length)
{
return $filename;
}
-
+
$ext = '';
if (strpos($filename, '.') !== FALSE)
{
@@ -797,12 +804,12 @@ class CI_Upload {
$ext = '.'.array_pop($parts);
$filename = implode('.', $parts);
}
-
+
return substr($filename, 0, ($length - strlen($ext))).$ext;
}
// --------------------------------------------------------------------
-
+
/**
* Runs the file through the XSS clean function
*
@@ -810,59 +817,93 @@ class CI_Upload {
* I'm not sure that it won't negatively affect certain files in unexpected ways,
* but so far I haven't found that it causes trouble.
*
- * @access public
* @return void
- */
- function do_xss_clean()
- {
- $file = $this->upload_path.$this->file_name;
-
+ */
+ public function do_xss_clean()
+ {
+ $file = $this->file_temp;
+
if (filesize($file) == 0)
{
return FALSE;
}
+ if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit') != '')
+ {
+ $current = ini_get('memory_limit') * 1024 * 1024;
+
+ // There was a bug/behavioural change in PHP 5.2, where numbers over one million get output
+ // into scientific notation. number_format() ensures this number is an integer
+ // http://bugs.php.net/bug.php?id=43053
+
+ $new_memory = number_format(ceil(filesize($file) + $current), 0, '.', '');
+
+ ini_set('memory_limit', $new_memory); // When an integer is used, the value is measured in bytes. - PHP.net
+ }
+
+ // If the file being uploaded is an image, then we should have no problem with XSS attacks (in theory), but
+ // IE can be fooled into mime-type detecting a malformed image as an html file, thus executing an XSS attack on anyone
+ // using IE who looks at the image. It does this by inspecting the first 255 bytes of an image. To get around this
+ // CI will itself look at the first 255 bytes of an image to determine its relative safety. This can save a lot of
+ // processor power and time if it is actually a clean image, as it will be in nearly all instances _except_ an
+ // attempted XSS attack.
+
+ if (function_exists('getimagesize') && @getimagesize($file) !== FALSE)
+ {
+ if (($file = @fopen($file, 'rb')) === FALSE) // "b" to force binary
+ {
+ return FALSE; // Couldn't open the file, return FALSE
+ }
+
+ $opening_bytes = fread($file, 256);
+ fclose($file);
+
+ // These are known to throw IE into mime-type detection chaos
+ // <a, <body, <head, <html, <img, <plaintext, <pre, <script, <table, <title
+ // title is basically just in SVG, but we filter it anyhow
+
+ if ( ! preg_match('/<(a|body|head|html|img|plaintext|pre|script|table|title)[\s>]/i', $opening_bytes))
+ {
+ return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good
+ }
+ }
+
if (($data = @file_get_contents($file)) === FALSE)
{
return FALSE;
}
-
- if ( ! $fp = @fopen($file, FOPEN_READ_WRITE))
+
+ $CI =& get_instance();
+
+ if ( ! isset($CI->security))
{
- return FALSE;
+ $CI->load->library('security');
}
- $CI =& get_instance();
- $data = $CI->input->xss_clean($data);
-
- flock($fp, LOCK_EX);
- fwrite($fp, $data);
- flock($fp, LOCK_UN);
- fclose($fp);
+ return $CI->security->xss_clean($data, TRUE);
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Set an error message
*
- * @access public
* @param string
* @return void
- */
- function set_error($msg)
+ */
+ public function set_error($msg)
{
- $CI =& get_instance();
+ $CI =& get_instance();
$CI->lang->load('upload');
-
+
if (is_array($msg))
{
foreach ($msg as $val)
{
- $msg = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val);
+ $msg = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val);
$this->error_msg[] = $msg;
log_message('error', $msg);
- }
+ }
}
else
{
@@ -871,44 +912,42 @@ class CI_Upload {
log_message('error', $msg);
}
}
-
+
// --------------------------------------------------------------------
-
+
/**
* Display the error message
*
- * @access public
* @param string
* @param string
* @return string
- */
- function display_errors($open = '<p>', $close = '</p>')
+ */
+ public function display_errors($open = '<p>', $close = '</p>')
{
$str = '';
foreach ($this->error_msg as $val)
{
$str .= $open.$val.$close;
}
-
+
return $str;
}
-
+
// --------------------------------------------------------------------
-
+
/**
* List of Mime Types
*
* This is a list of mime types. We use it to validate
* the "allowed types" set by the developer
*
- * @access public
* @param string
* @return string
- */
- function mimes_types($mime)
+ */
+ public function mimes_types($mime)
{
global $mimes;
-
+
if (count($this->mimes) == 0)
{
if (@require_once(APPPATH.'config/mimes'.EXT))
@@ -917,25 +956,24 @@ class CI_Upload {
unset($mimes);
}
}
-
+
return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime];
}
// --------------------------------------------------------------------
-
+
/**
* Prep Filename
*
* Prevents possible script execution from Apache's handling of files multiple extensions
* http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
*
- * @access private
* @param string
* @return string
*/
- function _prep_filename($filename)
+ protected function _prep_filename($filename)
{
- if (strpos($filename, '.') === FALSE)
+ if (strpos($filename, '.') === FALSE OR $this->allowed_types == '*')
{
return $filename;
}
@@ -957,7 +995,7 @@ class CI_Upload {
}
$filename .= '.'.$ext;
-
+
return $filename;
}