summaryrefslogtreecommitdiffstats
path: root/system/libraries/Upload.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-10-05 21:45:41 +0200
committerAndrey Andreev <narf@bofh.bg>2012-10-05 21:45:41 +0200
commit5b5021812ea6dc859312e00b6b0f078eea54c88d (patch)
tree0a8840ee0429cc405cb597438a73d03bca970c1a /system/libraries/Upload.php
parent49d08053257b55db511eaca08b8ab5d12149f3b6 (diff)
parentdbad54e09a39a77c7404dee9ca1a6b34299469d0 (diff)
Merge upstream branch
Diffstat (limited to 'system/libraries/Upload.php')
-rw-r--r--system/libraries/Upload.php97
1 files changed, 46 insertions, 51 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 271c6d21f..d381440cd 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -59,6 +59,7 @@ class CI_Upload {
public $error_msg = array();
public $mimes = array();
public $remove_spaces = TRUE;
+ public $detect_mime = TRUE;
public $xss_clean = FALSE;
public $temp_prefix = 'temp_file_';
public $client_name = '';
@@ -78,6 +79,8 @@ class CI_Upload {
$this->initialize($props);
}
+ $this->mimes =& get_mimes();
+
log_message('debug', 'Upload Class Initialized');
}
@@ -113,8 +116,8 @@ class CI_Upload {
'image_type' => '',
'image_size_str' => '',
'error_msg' => array(),
- 'mimes' => array(),
'remove_spaces' => TRUE,
+ 'detect_mime' => TRUE,
'xss_clean' => FALSE,
'temp_prefix' => 'temp_file_',
'client_name' => ''
@@ -208,7 +211,13 @@ class CI_Upload {
// Set the uploaded data as class variables
$this->file_temp = $_FILES[$field]['tmp_name'];
$this->file_size = $_FILES[$field]['size'];
- $this->_file_mime_type($_FILES[$field]);
+
+ // Skip MIME type detection?
+ if ($this->detect_mime !== FALSE)
+ {
+ $this->_file_mime_type($_FILES[$field]);
+ }
+
$this->file_type = preg_replace('/^(.+?);.*$/', '\\1', $this->file_type);
$this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
$this->file_name = $this->_prep_filename($_FILES[$field]['name']);
@@ -223,7 +232,7 @@ class CI_Upload {
}
// if we're overriding, let's now make sure the new name and type is allowed
- if ($this->_file_name_override != '')
+ if ($this->_file_name_override !== '')
{
$this->file_name = $this->_prep_filename($this->_file_name_override);
@@ -276,7 +285,7 @@ class CI_Upload {
}
// Remove white spaces in the name
- if ($this->remove_spaces == TRUE)
+ if ($this->remove_spaces === TRUE)
{
$this->file_name = preg_replace('/\s+/', '_', $this->file_name);
}
@@ -289,7 +298,7 @@ class CI_Upload {
*/
$this->orig_name = $this->file_name;
- if ($this->overwrite == FALSE)
+ if ($this->overwrite === FALSE)
{
$this->file_name = $this->set_filename($this->upload_path, $this->file_name);
@@ -346,11 +355,12 @@ class CI_Upload {
* Returns an associative array containing all of the information
* related to the upload, allowing the developer easy access in one array.
*
- * @return array
+ * @param string
+ * @return mixed
*/
- public function data()
+ public function data($index = NULL)
{
- return array(
+ $data = array(
'file_name' => $this->file_name,
'file_type' => $this->file_type,
'file_path' => $this->upload_path,
@@ -366,6 +376,13 @@ class CI_Upload {
'image_type' => $this->image_type,
'image_size_str' => $this->image_size_str,
);
+
+ if ( ! empty($index))
+ {
+ return isset($data[$index]) ? $data[$index] : NULL;
+ }
+
+ return $data;
}
// --------------------------------------------------------------------
@@ -397,7 +414,7 @@ class CI_Upload {
*/
public function set_filename($path, $filename)
{
- if ($this->encrypt_name == TRUE)
+ if ($this->encrypt_name === TRUE)
{
mt_srand();
$filename = md5(uniqid(mt_rand())).$this->file_ext;
@@ -420,7 +437,7 @@ class CI_Upload {
}
}
- if ($new_filename == '')
+ if ($new_filename === '')
{
$this->set_error('upload_bad_filename');
return FALSE;
@@ -545,7 +562,7 @@ class CI_Upload {
*/
public function set_xss_clean($flag = FALSE)
{
- $this->xss_clean = ($flag == TRUE);
+ $this->xss_clean = ($flag === TRUE);
}
// --------------------------------------------------------------------
@@ -641,7 +658,7 @@ class CI_Upload {
*/
public function is_allowed_filesize()
{
- return ($this->max_size == 0 OR $this->max_size > $this->file_size);
+ return ($this->max_size === 0 OR $this->max_size > $this->file_size);
}
// --------------------------------------------------------------------
@@ -687,13 +704,13 @@ class CI_Upload {
*/
public function validate_upload_path()
{
- if ($this->upload_path == '')
+ if ($this->upload_path === '')
{
$this->set_error('upload_no_filepath');
return FALSE;
}
- if (function_exists('realpath') && @realpath($this->upload_path) !== FALSE)
+ if (@realpath($this->upload_path) !== FALSE)
{
$this->upload_path = str_replace('\\', '/', realpath($this->upload_path));
}
@@ -747,6 +764,8 @@ class CI_Upload {
';',
'?',
'/',
+ '!',
+ '#',
'%20',
'%22',
'%3c', // <
@@ -812,17 +831,17 @@ class CI_Upload {
return FALSE;
}
- if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit') != '')
+ if (memory_get_usage() && ($memory_limit = ini_get('memory_limit')))
{
- $current = ini_get('memory_limit') * 1024 * 1024;
+ $memory_limit *= 1024 * 1024;
// There was a bug/behavioural change in PHP 5.2, where numbers over one million get output
// into scientific notation. number_format() ensures this number is an integer
// http://bugs.php.net/bug.php?id=43053
- $new_memory = number_format(ceil(filesize($file) + $current), 0, '.', '');
+ $memory_limit = number_format(ceil(filesize($file) + $memory_limit), 0, '.', '');
- ini_set('memory_limit', $new_memory); // When an integer is used, the value is measured in bytes. - PHP.net
+ ini_set('memory_limit', $memory_limit); // When an integer is used, the value is measured in bytes. - PHP.net
}
// If the file being uploaded is an image, then we should have no problem with XSS attacks (in theory), but
@@ -846,14 +865,8 @@ class CI_Upload {
// <a, <body, <head, <html, <img, <plaintext, <pre, <script, <table, <title
// title is basically just in SVG, but we filter it anyhow
- if ( ! preg_match('/<(a|body|head|html|img|plaintext|pre|script|table|title)[\s>]/i', $opening_bytes))
- {
- return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good
- }
- else
- {
- return FALSE;
- }
+ // if its an image or no "triggers" detected in the first 256 bytes - we're good
+ return ! preg_match('/<(a|body|head|html|img|plaintext|pre|script|table|title)[\s>]/i', $opening_bytes);
}
if (($data = @file_get_contents($file)) === FALSE)
@@ -882,14 +895,14 @@ class CI_Upload {
{
foreach ($msg as $val)
{
- $msg = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val);
+ $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val);
$this->error_msg[] = $msg;
log_message('error', $msg);
}
}
else
{
- $msg = ($CI->lang->line($msg) == FALSE) ? $msg : $CI->lang->line($msg);
+ $msg = ($CI->lang->line($msg) === FALSE) ? $msg : $CI->lang->line($msg);
$this->error_msg[] = $msg;
log_message('error', $msg);
}
@@ -922,26 +935,6 @@ class CI_Upload {
*/
public function mimes_types($mime)
{
- global $mimes;
-
- if (count($this->mimes) == 0)
- {
- if (defined('ENVIRONMENT') && is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'))
- {
- include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php');
- }
- elseif (is_file(APPPATH.'config/mimes.php'))
- {
- include(APPPATH.'config/mimes.php');
- }
- else
- {
- return FALSE;
- }
-
- $this->mimes = $mimes;
- }
-
return isset($this->mimes[$mime]) ? $this->mimes[$mime] : FALSE;
}
@@ -958,7 +951,7 @@ class CI_Upload {
*/
protected function _prep_filename($filename)
{
- if (strpos($filename, '.') === FALSE OR $this->allowed_types == '*')
+ if (strpos($filename, '.') === FALSE OR $this->allowed_types === '*')
{
return $filename;
}
@@ -1005,7 +998,7 @@ class CI_Upload {
*/
if (function_exists('finfo_file'))
{
- $finfo = finfo_open(FILEINFO_MIME);
+ $finfo = @finfo_open(FILEINFO_MIME);
if (is_resource($finfo)) // It is possible that a FALSE value is returned, if there is no magic MIME database file found on the system
{
$mime = @finfo_file($finfo, $file['tmp_name']);
@@ -1036,7 +1029,9 @@ class CI_Upload {
*/
if (DIRECTORY_SEPARATOR !== '\\')
{
- $cmd = 'file --brief --mime '.escapeshellarg($file['tmp_name']).' 2>&1';
+ $cmd = function_exists('escapeshellarg')
+ ? 'file --brief --mime '.escapeshellarg($file['tmp_name']).' 2>&1'
+ : 'file --brief --mime '.$file['tmp_name'].' 2>&1';
if (function_exists('exec'))
{