summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/libraries/Upload.php10
-rw-r--r--user_guide_src/source/changelog.rst1
-rw-r--r--user_guide_src/source/libraries/file_uploading.rst5
3 files changed, 15 insertions, 1 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 060973847..7989d113e 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -234,6 +234,13 @@ class CI_Upload {
public $xss_clean = FALSE;
/**
+ * Apache mod_mime fix flag
+ *
+ * @var bool
+ */
+ public $mod_mime_fix = TRUE;
+
+ /**
* Temporary filename prefix
*
* @var string
@@ -314,6 +321,7 @@ class CI_Upload {
'remove_spaces' => TRUE,
'detect_mime' => TRUE,
'xss_clean' => FALSE,
+ 'mod_mime_fix' => TRUE,
'temp_prefix' => 'temp_file_',
'client_name' => ''
);
@@ -1148,7 +1156,7 @@ class CI_Upload {
*/
protected function _prep_filename($filename)
{
- if (strpos($filename, '.') === FALSE OR $this->allowed_types === '*')
+ if ($this->mod_mime_fix === FALSE OR $this->allowed_types === '*' OR strpos($filename, '.') === FALSE)
{
return $filename;
}
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 053f57703..ecd0eb541 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -274,6 +274,7 @@ Release Date: Not Released
- Added the **min_width** and **min_height** options for images.
- Removed method ``clean_file_name()`` and its usage in favor of :doc:`Security Library <libraries/security>`'s ``sanitize_filename()``.
- Added **file_ext_tolower** config setting.
+ - Added **mod_mime_fix** option to disable suffixing multiple file extensions with an underscore.
- :doc:`Cart library <libraries/cart>` changes include:
diff --git a/user_guide_src/source/libraries/file_uploading.rst b/user_guide_src/source/libraries/file_uploading.rst
index a295d7427..ac56fabce 100644
--- a/user_guide_src/source/libraries/file_uploading.rst
+++ b/user_guide_src/source/libraries/file_uploading.rst
@@ -224,6 +224,11 @@ Preference Default Value Options Descripti
**detect_mime** TRUE TRUE/FALSE (boolean) If set to TRUE, a server side detection of the file type will be
performed to avoid code injection attacks. DO NOT disable this option
unless you have no other option as that would cause a security risk.
+**mod_mime_fix** TRUE TRUE/FALSE (boolean) If set to TRUE, multiple filename extensions will be suffixed with an
+ underscore in order to avoid triggering `Apache mod_mime
+ <http://httpd.apache.org/docs/2.0/mod/mod_mime.html#multipleext>`_.
+ DO NOT turn off this option if your upload directory is public, as this
+ is a security risk.
============================ ================= ======================= ======================================================================
Setting preferences in a config file