summaryrefslogtreecommitdiffstats
path: root/system/libraries/Upload.php
diff options
context:
space:
mode:
Diffstat (limited to 'system/libraries/Upload.php')
-rw-r--r--system/libraries/Upload.php55
1 files changed, 30 insertions, 25 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 8f84ffd7e..51fbf772c 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* CodeIgniter
*
@@ -142,7 +142,8 @@ class CI_Upload {
*/
public function do_upload($field = 'userfile')
{
- // Is $_FILES[$field] set? If not, no reason to continue.
+
+ // Is $_FILES[$field] set? If not, no reason to continue.
if ( ! isset($_FILES[$field]))
{
$this->set_error('upload_no_file_selected');
@@ -184,7 +185,7 @@ class CI_Upload {
case 8: // UPLOAD_ERR_EXTENSION
$this->set_error('upload_stopped_by_extension');
break;
- default : $this->set_error('upload_no_file_selected');
+ default : $this->set_error('upload_no_file_selected');
break;
}
@@ -214,7 +215,7 @@ class CI_Upload {
$this->file_name = $this->_prep_filename($this->_file_name_override);
// If no extension was provided in the file_name config item, use the uploaded one
- if(strpos($this->_file_name_override, '.') === FALSE)
+ if (strpos($this->_file_name_override, '.') === FALSE)
{
$this->file_name .= $this->file_ext;
}
@@ -289,7 +290,7 @@ class CI_Upload {
/*
* Run the file through the XSS hacking filter
* This helps prevent malicious code from being
- * embedded within a file. Scripts can easily
+ * embedded within a file. Scripts can easily
* be disguised as images or other file types.
*/
if ($this->xss_clean)
@@ -304,8 +305,8 @@ class CI_Upload {
/*
* Move the file to the final destination
* To deal with different server configurations
- * we'll attempt to use copy() first. If that fails
- * we'll use move_uploaded_file(). One of the two should
+ * we'll attempt to use copy() first. If that fails
+ * we'll use move_uploaded_file(). One of the two should
* reliably work in most environments
*/
if ( ! @copy($this->file_temp, $this->upload_path.$this->file_name))
@@ -320,7 +321,7 @@ class CI_Upload {
/*
* Set the finalized image dimensions
* This sets the image width/height (assuming the
- * file was an image). We use this information
+ * file was an image). We use this information
* in the "data" function.
*/
$this->set_image_properties($this->upload_path.$this->file_name);
@@ -517,7 +518,7 @@ class CI_Upload {
$this->image_width = $D['0'];
$this->image_height = $D['1'];
$this->image_type = ( ! isset($types[$D['2']])) ? 'unknown' : $types[$D['2']];
- $this->image_size_str = $D['3']; // string containing height and width
+ $this->image_size_str = $D['3']; // string containing height and width
}
}
}
@@ -550,7 +551,7 @@ class CI_Upload {
// IE will sometimes return odd mime-types during upload, so here we just standardize all
// jpegs or pngs to the same file type.
- $png_mimes = array('image/x-png');
+ $png_mimes = array('image/x-png');
$jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg');
if (in_array($this->file_type, $png_mimes))
@@ -641,7 +642,7 @@ class CI_Upload {
*/
public function is_allowed_filesize()
{
- if ($this->max_size != 0 AND $this->file_size > $this->max_size)
+ if ($this->max_size != 0 AND $this->file_size > $this->max_size)
{
return FALSE;
}
@@ -720,7 +721,7 @@ class CI_Upload {
return FALSE;
}
- $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path);
+ $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path);
return TRUE;
}
@@ -833,7 +834,7 @@ class CI_Upload {
$current = ini_get('memory_limit') * 1024 * 1024;
// There was a bug/behavioural change in PHP 5.2, where numbers over one million get output
- // into scientific notation. number_format() ensures this number is an integer
+ // into scientific notation. number_format() ensures this number is an integer
// http://bugs.php.net/bug.php?id=43053
$new_memory = number_format(ceil(filesize($file) + $current), 0, '.', '');
@@ -843,8 +844,8 @@ class CI_Upload {
// If the file being uploaded is an image, then we should have no problem with XSS attacks (in theory), but
// IE can be fooled into mime-type detecting a malformed image as an html file, thus executing an XSS attack on anyone
- // using IE who looks at the image. It does this by inspecting the first 255 bytes of an image. To get around this
- // CI will itself look at the first 255 bytes of an image to determine its relative safety. This can save a lot of
+ // using IE who looks at the image. It does this by inspecting the first 255 bytes of an image. To get around this
+ // CI will itself look at the first 255 bytes of an image to determine its relative safety. This can save a lot of
// processor power and time if it is actually a clean image, as it will be in nearly all instances _except_ an
// attempted XSS attack.
@@ -874,12 +875,6 @@ class CI_Upload {
}
$CI =& get_instance();
-
- if ( ! isset($CI->security))
- {
- $CI->load->library('security');
- }
-
return $CI->security->xss_clean($data, TRUE);
}
@@ -938,7 +933,7 @@ class CI_Upload {
/**
* List of Mime Types
*
- * This is a list of mime types. We use it to validate
+ * This is a list of mime types. We use it to validate
* the "allowed types" set by the developer
*
* @param string
@@ -950,11 +945,21 @@ class CI_Upload {
if (count($this->mimes) == 0)
{
- if (@require_once(APPPATH.'config/mimes'.EXT))
+ if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'))
+ {
+ include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php');
+ }
+ elseif (is_file(APPPATH.'config/mimes.php'))
+ {
+ include(APPPATH.'config//mimes.php');
+ }
+ else
{
- $this->mimes = $mimes;
- unset($mimes);
+ return FALSE;
}
+
+ $this->mimes = $mimes;
+ unset($mimes);
}
return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime];