authoradmin <devnull@localhost>2006-10-21 21:44:22 +0200
committeradmin <devnull@localhost>2006-10-21 21:44:22 +0200
commite334c472fb4be44feec3a73402fc4a2b062cbfc0 (patch)
tree553f17d67e7ef652016ec85b2a576bb2210f0ff8 /system/libraries/Upload.php
parentbd6bee75dd26ade1c8d9cfd104bb913065797c59 (diff)
Diffstat (limited to 'system/libraries/Upload.php')
-rw-r--r--system/libraries/Upload.php418
1 files changed, 209 insertions, 209 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 09a479431..1a0b0fc8f 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -7,7 +7,7 @@
* @package CodeIgniter
* @author Rick Ellis
* @copyright Copyright (c) 2006, pMachine, Inc.
- * @license http://www.codeignitor.com/user_guide/license.html
+ * @license http://www.codeignitor.com/user_guide/license.html
* @link http://www.codeigniter.com
* @since Version 1.0
* @filesource
@@ -17,7 +17,7 @@
/**
* File Uploading Class
- *
+ *
* @package CodeIgniter
* @subpackage Libraries
* @category Uploads
@@ -43,7 +43,7 @@ class CI_Upload {
var $image_width = '';
var $image_height = '';
var $image_type = '';
- var $image_size_str = '';
+ var $image_size_str = '';
var $error_msg = array();
var $mimes = array();
var $remove_spaces = TRUE;
@@ -75,7 +75,7 @@ class CI_Upload {
* @return void
*/
function initialize($config = array())
- {
+ {
foreach ($config as $key => $val)
{
$method = 'set_'.$key;
@@ -98,41 +98,41 @@ class CI_Upload {
* @access public
* @return bool
*/
- function do_upload($field = 'userfile')
- {
+ function do_upload($field = 'userfile')
+ {
// Is $_FILES[$field] set? If not, no reason to continue.
- if ( ! isset($_FILES[$field]))
- {
+ if ( ! isset($_FILES[$field]))
+ {
$this->set_error('upload_userfile_not_set');
return FALSE;
- }
-
+ }
+
// Is the upload path valid?
if ( ! $this->validate_upload_path())
{
return FALSE;
}
-
+
// Was the file able to be uploaded? If not, determine the reason why.
- if ( ! is_uploaded_file($_FILES[$field]['tmp_name']))
- {
- $error = ( ! isset($_FILES[$field]['error'])) ? 4 : $_FILES[$field]['error'];
-
- switch($error)
- {
- case 1 : $this->set_error('upload_file_exceeds_limit');
- break;
- case 3 : $this->set_error('upload_file_partial');
- break;
- case 4 : $this->set_error('upload_no_file_selected');
- break;
- default : $this->set_error('upload_no_file_selected');
- break;
- }
-
- return FALSE;
- }
-
+ if ( ! is_uploaded_file($_FILES[$field]['tmp_name']))
+ {
+ $error = ( ! isset($_FILES[$field]['error'])) ? 4 : $_FILES[$field]['error'];
+
+ switch($error)
+ {
+ case 1 : $this->set_error('upload_file_exceeds_limit');
+ break;
+ case 3 : $this->set_error('upload_file_partial');
+ break;
+ case 4 : $this->set_error('upload_no_file_selected');
+ break;
+ default : $this->set_error('upload_no_file_selected');
+ break;
+ }
+
+ return FALSE;
+ }
+
// Set the uploaded data as class variables
$this->file_temp = $_FILES[$field]['tmp_name'];
$this->file_name = $_FILES[$field]['name'];
@@ -148,36 +148,36 @@ class CI_Upload {
}
// Is the file type allowed to be uploaded?
- if ( ! $this->is_allowed_filetype())
- {
+ if ( ! $this->is_allowed_filetype())
+ {
$this->set_error('upload_invalid_filetype');
return FALSE;
- }
+ }
// Is the file size within the allowed maximum?
- if ( ! $this->is_allowed_filesize())
- {
+ if ( ! $this->is_allowed_filesize())
+ {
$this->set_error('upload_invalid_filesize');
- return FALSE;
- }
-
+ return FALSE;
+ }
+
// Are the image dimensions within the allowed size?
// Note: This can fail if the server has an open_basdir restriction.
- if ( ! $this->is_allowed_dimensions())
- {
+ if ( ! $this->is_allowed_dimensions())
+ {
$this->set_error('upload_invalid_dimensions');
- return FALSE;
- }
-
+ return FALSE;
+ }
+
// Sanitize the file name for security
- $this->file_name = $this->clean_file_name($this->file_name);
-
+ $this->file_name = $this->clean_file_name($this->file_name);
+
// Remove white spaces in the name
- if ($this->remove_spaces == TRUE)
- {
- $this->file_name = preg_replace("/\s+/", "_", $this->file_name);
- }
-
+ if ($this->remove_spaces == TRUE)
+ {
+ $this->file_name = preg_replace("/\s+/", "_", $this->file_name);
+ }
+
/*
* Validate the file name
* This function appends an number onto the end of
@@ -195,7 +195,7 @@ class CI_Upload {
return FALSE;
}
}
-
+
/*
* Move the file to the final destination
* To deal with different server configurations
@@ -204,42 +204,42 @@ class CI_Upload {
* reliably work in most environments
*/
if ( ! @copy($this->file_temp, $this->file_path.$this->file_name))
- {
+ {
if ( ! @move_uploaded_file($this->file_temp, $this->file_path.$this->file_name))
{
$this->set_error('upload_destination_error');
return FALSE;
}
- }
+ }
/*
* Run the file through the XSS hacking filter
* This helps prevent malicious code from being
- * embedded within a file. Scripts can easily
+ * embedded within a file. Scripts can easily
* be disguised as images or other file types.
*/
if ($this->xss_clean == TRUE)
{
$this->do_xss_clean();
}
-
+
/*
* Set the finalized image dimensions
* This sets the image width/height (assuming the
* file was an image). We use this information
* in the "data" function.
*/
- $this->set_image_properties($this->file_path.$this->file_name);
-
+ $this->set_image_properties($this->file_path.$this->file_name);
+
return TRUE;
- }
+ }
// --------------------------------------------------------------------
/**
- * Finalized Data Array
+ * Finalized Data Array
*
- * Returns an associative array containing all of the information
+ * Returns an associative array containing all of the information
* related to the upload, allowing the developer easy access in one array.
*
* @access public
@@ -267,24 +267,24 @@ class CI_Upload {
// --------------------------------------------------------------------
/**
- * Set Upload Path
+ * Set Upload Path
*
* @access public
* @param string
* @return void
*/
- function set_upload_path($path)
- {
+ function set_upload_path($path)
+ {
$this->file_path = $path;
}
// --------------------------------------------------------------------
/**
- * Set the file name
+ * Set the file name
*
- * This function takes a filename/path as input and looks for the
- * existence of a file with the same name. If found, it will append a
+ * This function takes a filename/path as input and looks for the
+ * existence of a file with the same name. If found, it will append a
* number to the end of the filename to avoid overwriting a pre-existing file.
*
* @access public
@@ -331,58 +331,58 @@ class CI_Upload {
// --------------------------------------------------------------------
/**
- * Set Maximum File Size
+ * Set Maximum File Size
*
* @access public
* @param integer
* @return void
*/
- function set_max_filesize($n)
- {
- $this->max_size = ( ! eregi("^[[:digit:]]+$", $n)) ? 0 : $n;
- }
+ function set_max_filesize($n)
+ {
+ $this->max_size = ( ! eregi("^[[:digit:]]+$", $n)) ? 0 : $n;
+ }
// --------------------------------------------------------------------
/**
- * Set Maximum Image Width
+ * Set Maximum Image Width
*
* @access public
* @param integer
* @return void
*/
- function set_max_width($n)
- {
- $this->max_width = ( ! eregi("^[[:digit:]]+$", $n)) ? 0 : $n;
- }
+ function set_max_width($n)
+ {
+ $this->max_width = ( ! eregi("^[[:digit:]]+$", $n)) ? 0 : $n;
+ }
// --------------------------------------------------------------------
/**
- * Set Maximum Image Height
+ * Set Maximum Image Height
*
* @access public
* @param integer
* @return void
*/
- function set_max_height($n)
- {
- $this->max_height = ( ! eregi("^[[:digit:]]+$", $n)) ? 0 : $n;
- }
+ function set_max_height($n)
+ {
+ $this->max_height = ( ! eregi("^[[:digit:]]+$", $n)) ? 0 : $n;
+ }
// --------------------------------------------------------------------
/**
- * Set Allowed File Types
+ * Set Allowed File Types
*
* @access public
* @param string
* @return void
*/
- function set_allowed_types($types)
- {
- $this->allowed_types = explode('|', $types);
- }
+ function set_allowed_types($types)
+ {
+ $this->allowed_types = explode('|', $types);
+ }
// --------------------------------------------------------------------
@@ -395,26 +395,26 @@ class CI_Upload {
* @param string
* @return void
*/
- function set_image_properties($path = '')
- {
- if ( ! $this->is_image())
- {
- return;
- }
-
- if (function_exists('getimagesize'))
- {
- if (FALSE !== ($D = @getimagesize($path)))
- {
+ function set_image_properties($path = '')
+ {
+ if ( ! $this->is_image())
+ {
+ return;
+ }
+
+ if (function_exists('getimagesize'))
+ {
+ if (FALSE !== ($D = @getimagesize($path)))
+ {
$types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png');
-
+
$this->image_width = $D['0'];
$this->image_height = $D['1'];
$this->image_type = ( ! isset($types[$D['2']])) ? 'unknown' : $types[$D['2']];
$this->image_size_str = $D['3']; // string containing height and width
}
- }
- }
+ }
+ }
// --------------------------------------------------------------------
@@ -441,21 +441,21 @@ class CI_Upload {
* @access public
* @return bool
*/
- function is_image()
- {
- $img_mimes = array(
- 'image/gif',
- 'image/jpg',
- 'image/jpe',
- 'image/jpeg',
- 'image/pjpeg',
- 'image/png',
- 'image/x-png'
- );
-
+ function is_image()
+ {
+ $img_mimes = array(
+ 'image/gif',
+ 'image/jpg',
+ 'image/jpe',
+ 'image/jpeg',
+ 'image/pjpeg',
+ 'image/png',
+ 'image/x-png'
+ );
+
return (in_array($this->file_type, $img_mimes, TRUE)) ? TRUE : FALSE;
- }
+ }
// --------------------------------------------------------------------
@@ -465,36 +465,36 @@ class CI_Upload {
* @access public
* @return bool
*/
- function is_allowed_filetype()
- {
- if (count($this->allowed_types) == 0)
- {
+ function is_allowed_filetype()
+ {
+ if (count($this->allowed_types) == 0)
+ {
$this->set_error('upload_no_file_types');
return FALSE;
- }
-
- foreach ($this->allowed_types as $val)
- {
- $mime = $this->mimes_types(strtolower($val));
-
- if (is_array($mime))
- {
- if (in_array($this->file_type, $mime, TRUE))
- {
- return TRUE;
- }
- }
- else
- {
+ }
+
+ foreach ($this->allowed_types as $val)
+ {
+ $mime = $this->mimes_types(strtolower($val));
+
+ if (is_array($mime))
+ {
+ if (in_array($this->file_type, $mime, TRUE))
+ {
+ return TRUE;
+ }
+ }
+ else
+ {
if ($mime == $this->file_type)
{
return TRUE;
}
- }
- }
-
- return FALSE;
- }
+ }
+ }
+
+ return FALSE;
+ }
// --------------------------------------------------------------------
@@ -504,17 +504,17 @@ class CI_Upload {
* @access public
* @return bool
*/
- function is_allowed_filesize()
- {
- if ($this->max_size != 0 AND $this->file_size > $this->max_size)
- {
- return FALSE;
- }
- else
- {
- return TRUE;
- }
- }
+ function is_allowed_filesize()
+ {
+ if ($this->max_size != 0 AND $this->file_size > $this->max_size)
+ {
+ return FALSE;
+ }
+ else
+ {
+ return TRUE;
+ }
+ }
// --------------------------------------------------------------------
@@ -524,37 +524,37 @@ class CI_Upload {
* @access public
* @return bool
*/
- function is_allowed_dimensions()
- {
- if ( ! $this->is_image())
- {
- return TRUE;
- }
-
- if (function_exists('getimagesize'))
- {
- $D = @getimagesize($this->file_temp);
-
- if ($this->max_width > 0 AND $D['0'] > $this->max_width)
- {
- return FALSE;
- }
-
- if ($this->max_height > 0 AND $D['1'] > $this->max_height)
- {
- return FALSE;
- }
-
- return TRUE;
- }
-
- return TRUE;
- }
+ function is_allowed_dimensions()
+ {
+ if ( ! $this->is_image())
+ {
+ return TRUE;
+ }
+
+ if (function_exists('getimagesize'))
+ {
+ $D = @getimagesize($this->file_temp);
+
+ if ($this->max_width > 0 AND $D['0'] > $this->max_width)
+ {
+ return FALSE;
+ }
+
+ if ($this->max_height > 0 AND $D['1'] > $this->max_height)
+ {
+ return FALSE;
+ }
+
+ return TRUE;
+ }
+
+ return TRUE;
+ }
// --------------------------------------------------------------------
/**
- * Validate Upload Path
+ * Validate Upload Path
*
* Verifies that it is a valid upload path with proper permissions.
*
@@ -562,34 +562,34 @@ class CI_Upload {
* @access public
* @return bool
*/
- function validate_upload_path()
- {
- if ($this->file_path == '')
- {
+ function validate_upload_path()
+ {
+ if ($this->file_path == '')
+ {
$this->set_error('upload_no_filepath');
return FALSE;
- }
-
+ }
+
if (function_exists('realpath') AND @realpath($this->file_path) !== FALSE)
{
- $this->file_path = str_replace("\\", "/", realpath($this->file_path));
+ $this->file_path = str_replace("\\", "/", realpath($this->file_path));
}
-
- if ( ! @is_dir($this->file_path))
- {
+
+ if ( ! @is_dir($this->file_path))
+ {
$this->set_error('upload_no_filepath');
return FALSE;
- }
-
- if ( ! is_writable($this->file_path))
- {
+ }
+
+ if ( ! is_writable($this->file_path))
+ {
$this->set_error('upload_not_writable');
return FALSE;
- }
-
+ }
+
$this->file_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->file_path);
return TRUE;
- }
+ }
// --------------------------------------------------------------------
@@ -617,7 +617,7 @@ class CI_Upload {
*/
function clean_file_name($filename)
{
- $bad = array(
+ $bad = array(
"<!--",
"-->",
"'",
@@ -636,21 +636,21 @@ class CI_Upload {
"%253c", // <
"%3e", // >
"%0e", // >
- "%28", // (
- "%29", // )
+ "%28", // (
+ "%29", // )
"%2528", // (
"%26", // &
"%24", // $
"%3f", // ?
"%3b", // ;
"%3d" // =
- );
-
- foreach ($bad as $val)
- {
- $filename = str_replace($val, '', $filename);
- }
-
+ );
+
+ foreach ($bad as $val)
+ {
+ $filename = str_replace($val, '', $filename);
+ }
+
return $filename;
}
@@ -659,7 +659,7 @@ class CI_Upload {
/**
* Runs the file through the XSS clean function
*
- * This prevents people from embedding malicious code in their files.
+ * This prevents people from embedding malicious code in their files.
* I'm not sure that it won't negatively affect certain files in unexpected ways,
* but so far I haven't found that it causes trouble.
*
@@ -670,7 +670,7 @@ class CI_Upload {
{
$file = $this->file_path.$this->file_name;
- if (filesize($file) == 0)
+ if (filesize($file) == 0)
{
return FALSE;
}
@@ -680,16 +680,16 @@ class CI_Upload {
return FALSE;
}
- flock($fp, LOCK_EX);
+ flock($fp, LOCK_EX);
- $data = fread($fp, filesize($file));
+ $data = fread($fp, filesize($file));
$CI =& get_instance();
$data = $CI->input->xss_clean($data);
- fwrite($fp, $data);
- flock($fp, LOCK_UN);
- fclose($fp);
+ fwrite($fp, $data);
+ flock($fp, LOCK_UN);
+ fclose($fp);
}
// --------------------------------------------------------------------