diff options
author | Joffrey Jaffeux <j.jaffeux@gmail.com> | 2012-06-07 20:00:59 +0200 |
---|---|---|
committer | Joffrey Jaffeux <j.jaffeux@gmail.com> | 2012-06-07 20:00:59 +0200 |
commit | bb2da6fafaab754aee3e6745bf23db52e3aed57d (patch) | |
tree | 85fd992a15d4ed1800218aedffa8a3aa09931ff2 /system/libraries/Upload.php | |
parent | 9d1407523ae585d45171b54123ba29c0ec831f79 (diff) | |
parent | 25d47aec0417e52af43985663ebc1f62931f13cd (diff) |
Merge https://github.com/EllisLab/CodeIgniter into test-encryption-class
Diffstat (limited to 'system/libraries/Upload.php')
-rw-r--r-- | system/libraries/Upload.php | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index c1e07de7a..1f6aeeb6b 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -694,7 +694,7 @@ class CI_Upload { return FALSE; } - if (function_exists('realpath') && @realpath($this->upload_path) !== FALSE) + if (@realpath($this->upload_path) !== FALSE) { $this->upload_path = str_replace('\\', '/', realpath($this->upload_path)); } @@ -815,17 +815,17 @@ class CI_Upload { return FALSE; } - if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit')) + if (memory_get_usage() && ($memory_limit = ini_get('memory_limit'))) { - $current = ini_get('memory_limit') * 1024 * 1024; + $memory_limit *= 1024 * 1024; // There was a bug/behavioural change in PHP 5.2, where numbers over one million get output // into scientific notation. number_format() ensures this number is an integer // http://bugs.php.net/bug.php?id=43053 - $new_memory = number_format(ceil(filesize($file) + $current), 0, '.', ''); + $memory_limit = number_format(ceil(filesize($file) + $memory_limit), 0, '.', ''); - ini_set('memory_limit', $new_memory); // When an integer is used, the value is measured in bytes. - PHP.net + ini_set('memory_limit', $memory_limit); // When an integer is used, the value is measured in bytes. - PHP.net } // If the file being uploaded is an image, then we should have no problem with XSS attacks (in theory), but @@ -849,14 +849,8 @@ class CI_Upload { // <a, <body, <head, <html, <img, <plaintext, <pre, <script, <table, <title // title is basically just in SVG, but we filter it anyhow - if ( ! preg_match('/<(a|body|head|html|img|plaintext|pre|script|table|title)[\s>]/i', $opening_bytes)) - { - return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good - } - else - { - return FALSE; - } + // if its an image or no "triggers" detected in the first 256 bytes - we're good + return ! preg_match('/<(a|body|head|html|img|plaintext|pre|script|table|title)[\s>]/i', $opening_bytes); } if (($data = @file_get_contents($file)) === FALSE) |