diff options
Diffstat (limited to 'system/libraries/Upload.php')
| -rwxr-xr-x[-rw-r--r--] | system/libraries/Upload.php | 508 |
1 files changed, 273 insertions, 235 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index a97b7bdfb..8f84ffd7e 100644..100755 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -2,11 +2,11 @@ /** * CodeIgniter * - * An open source application development framework for PHP 4.3.2 or newer + * An open source application development framework for PHP 5.1.6 or newer * * @package CodeIgniter * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2010, EllisLab, Inc. + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. * @license http://codeigniter.com/user_guide/license.html * @link http://codeigniter.com * @since Version 1.0 @@ -25,59 +25,59 @@ * @link http://codeigniter.com/user_guide/libraries/file_uploading.html */ class CI_Upload { - - var $max_size = 0; - var $max_width = 0; - var $max_height = 0; - var $max_filename = 0; - var $allowed_types = ""; - var $file_temp = ""; - var $file_name = ""; - var $orig_name = ""; - var $file_type = ""; - var $file_size = ""; - var $file_ext = ""; - var $upload_path = ""; - var $overwrite = FALSE; - var $encrypt_name = FALSE; - var $is_image = FALSE; - var $image_width = ''; - var $image_height = ''; - var $image_type = ''; - var $image_size_str = ''; - var $error_msg = array(); - var $mimes = array(); - var $remove_spaces = TRUE; - var $xss_clean = FALSE; - var $temp_prefix = "temp_file_"; - var $client_name = ''; - - var $_file_name_override = ''; + + public $max_size = 0; + public $max_width = 0; + public $max_height = 0; + public $max_filename = 0; + public $allowed_types = ""; + public $file_temp = ""; + public $file_name = ""; + public $orig_name = ""; + public $file_type = ""; + public $file_size = ""; + public $file_ext = ""; + public $upload_path = ""; + public $overwrite = FALSE; + public $encrypt_name = FALSE; + public $is_image = FALSE; + public $image_width = ''; + public $image_height = ''; + public $image_type = ''; + public $image_size_str = ''; + public $error_msg = array(); + public $mimes = array(); + public $remove_spaces = TRUE; + public $xss_clean = FALSE; + public $temp_prefix = "temp_file_"; + public $client_name = ''; + + protected $_file_name_override = ''; + /** * Constructor * * @access public */ - function CI_Upload($props = array()) + public function __construct($props = array()) { if (count($props) > 0) { $this->initialize($props); } - + log_message('debug', "Upload Class Initialized"); } - + // -------------------------------------------------------------------- - + /** * Initialize preferences * - * @access public * @param array * @return void - */ - function initialize($config = array()) + */ + public function initialize($config = array()) { $defaults = array( 'max_size' => 0, @@ -105,9 +105,9 @@ class CI_Upload { 'xss_clean' => FALSE, 'temp_prefix' => "temp_file_", 'client_name' => '' - ); - - + ); + + foreach ($defaults as $key => $val) { if (isset($config[$key])) @@ -120,28 +120,27 @@ class CI_Upload { else { $this->$key = $config[$key]; - } + } } else { $this->$key = $val; } } - + // if a file_name was provided in the config, use it instead of the user input // supplied file name for all uploads until initialized again $this->_file_name_override = $this->file_name; } - + // -------------------------------------------------------------------- - + /** * Perform the file upload * - * @access public * @return bool - */ - function do_upload($field = 'userfile') + */ + public function do_upload($field = 'userfile') { // Is $_FILES[$field] set? If not, no reason to continue. if ( ! isset($_FILES[$field])) @@ -149,7 +148,7 @@ class CI_Upload { $this->set_error('upload_no_file_selected'); return FALSE; } - + // Is the upload path valid? if ( ! $this->validate_upload_path()) { @@ -171,10 +170,10 @@ class CI_Upload { $this->set_error('upload_file_exceeds_form_limit'); break; case 3: // UPLOAD_ERR_PARTIAL - $this->set_error('upload_file_partial'); + $this->set_error('upload_file_partial'); break; case 4: // UPLOAD_ERR_NO_FILE - $this->set_error('upload_no_file_selected'); + $this->set_error('upload_no_file_selected'); break; case 6: // UPLOAD_ERR_NO_TMP_DIR $this->set_error('upload_no_temp_directory'); @@ -192,9 +191,10 @@ class CI_Upload { return FALSE; } + // Set the uploaded data as class variables - $this->file_temp = $_FILES[$field]['tmp_name']; - $this->file_size = $_FILES[$field]['size']; + $this->file_temp = $_FILES[$field]['tmp_name']; + $this->file_size = $_FILES[$field]['size']; $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']); $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); $this->file_name = $this->_prep_filename($_FILES[$field]['name']); @@ -207,20 +207,31 @@ class CI_Upload { $this->set_error('upload_invalid_filetype'); return FALSE; } - + // if we're overriding, let's now make sure the new name and type is allowed if ($this->_file_name_override != '') { $this->file_name = $this->_prep_filename($this->_file_name_override); - $this->file_ext = $this->get_extension($this->file_name); + + // If no extension was provided in the file_name config item, use the uploaded one + if(strpos($this->_file_name_override, '.') === FALSE) + { + $this->file_name .= $this->file_ext; + } + + // An extension was provided, lets have it! + else + { + $this->file_ext = $this->get_extension($this->_file_name_override); + } if ( ! $this->is_allowed_filetype(TRUE)) { $this->set_error('upload_invalid_filetype'); - return FALSE; + return FALSE; } } - + // Convert the file size to kilobytes if ($this->file_size > 0) { @@ -244,7 +255,7 @@ class CI_Upload { // Sanitize the file name for security $this->file_name = $this->clean_file_name($this->file_name); - + // Truncate the file name if it's too long if ($this->max_filename > 0) { @@ -268,7 +279,7 @@ class CI_Upload { if ($this->overwrite == FALSE) { $this->file_name = $this->set_filename($this->upload_path, $this->file_name); - + if ($this->file_name === FALSE) { return FALSE; @@ -276,6 +287,21 @@ class CI_Upload { } /* + * Run the file through the XSS hacking filter + * This helps prevent malicious code from being + * embedded within a file. Scripts can easily + * be disguised as images or other file types. + */ + if ($this->xss_clean) + { + if ($this->do_xss_clean() === FALSE) + { + $this->set_error('upload_unable_to_write_file'); + return FALSE; + } + } + + /* * Move the file to the final destination * To deal with different server configurations * we'll attempt to use copy() first. If that fails @@ -286,21 +312,10 @@ class CI_Upload { { if ( ! @move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name)) { - $this->set_error('upload_destination_error'); - return FALSE; + $this->set_error('upload_destination_error'); + return FALSE; } } - - /* - * Run the file through the XSS hacking filter - * This helps prevent malicious code from being - * embedded within a file. Scripts can easily - * be disguised as images or other file types. - */ - if ($this->xss_clean == TRUE) - { - $this->do_xss_clean(); - } /* * Set the finalized image dimensions @@ -312,19 +327,18 @@ class CI_Upload { return TRUE; } - + // -------------------------------------------------------------------- - + /** * Finalized Data Array - * + * * Returns an associative array containing all of the information * related to the upload, allowing the developer easy access in one array. * - * @access public * @return array - */ - function data() + */ + public function data() { return array ( 'file_name' => $this->file_name, @@ -343,24 +357,23 @@ class CI_Upload { 'image_size_str' => $this->image_size_str, ); } - + // -------------------------------------------------------------------- - + /** * Set Upload Path * - * @access public * @param string * @return void - */ - function set_upload_path($path) + */ + public function set_upload_path($path) { // Make sure it has a trailing slash $this->upload_path = rtrim($path, '/').'/'; } - + // -------------------------------------------------------------------- - + /** * Set the file name * @@ -368,29 +381,28 @@ class CI_Upload { * existence of a file with the same name. If found, it will append a * number to the end of the filename to avoid overwriting a pre-existing file. * - * @access public * @param string * @param string * @return string - */ - function set_filename($path, $filename) + */ + public function set_filename($path, $filename) { if ($this->encrypt_name == TRUE) - { + { mt_srand(); - $filename = md5(uniqid(mt_rand())).$this->file_ext; + $filename = md5(uniqid(mt_rand())).$this->file_ext; } - + if ( ! file_exists($path.$filename)) { return $filename; } - + $filename = str_replace($this->file_ext, '', $filename); - + $new_filename = ''; for ($i = 1; $i < 100; $i++) - { + { if ( ! file_exists($path.$filename.$i.$this->file_ext)) { $new_filename = $filename.$i.$this->file_ext; @@ -408,89 +420,88 @@ class CI_Upload { return $new_filename; } } - + // -------------------------------------------------------------------- - + /** * Set Maximum File Size * - * @access public * @param integer * @return void - */ - function set_max_filesize($n) + */ + public function set_max_filesize($n) { $this->max_size = ((int) $n < 0) ? 0: (int) $n; } - + // -------------------------------------------------------------------- - + /** * Set Maximum File Name Length * - * @access public * @param integer * @return void - */ - function set_max_filename($n) + */ + public function set_max_filename($n) { $this->max_filename = ((int) $n < 0) ? 0: (int) $n; } // -------------------------------------------------------------------- - + /** * Set Maximum Image Width * - * @access public * @param integer * @return void - */ - function set_max_width($n) + */ + public function set_max_width($n) { $this->max_width = ((int) $n < 0) ? 0: (int) $n; } - + // -------------------------------------------------------------------- - + /** * Set Maximum Image Height * - * @access public * @param integer * @return void - */ - function set_max_height($n) + */ + public function set_max_height($n) { $this->max_height = ((int) $n < 0) ? 0: (int) $n; } - + // -------------------------------------------------------------------- - + /** * Set Allowed File Types * - * @access public * @param string * @return void - */ - function set_allowed_types($types) + */ + public function set_allowed_types($types) { + if ( ! is_array($types) && $types == '*') + { + $this->allowed_types = '*'; + return; + } $this->allowed_types = explode('|', $types); } - + // -------------------------------------------------------------------- - + /** * Set Image Properties * * Uses GD to determine the width/height/type of image * - * @access public * @param string * @return void - */ - function set_image_properties($path = '') + */ + public function set_image_properties($path = '') { if ( ! $this->is_image()) { @@ -500,7 +511,7 @@ class CI_Upload { if (function_exists('getimagesize')) { if (FALSE !== ($D = @getimagesize($path))) - { + { $types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png'); $this->image_width = $D['0']; @@ -510,45 +521,43 @@ class CI_Upload { } } } - + // -------------------------------------------------------------------- - + /** * Set XSS Clean * * Enables the XSS flag so that the file that was uploaded * will be run through the XSS filter. * - * @access public * @param bool * @return void */ - function set_xss_clean($flag = FALSE) + public function set_xss_clean($flag = FALSE) { $this->xss_clean = ($flag == TRUE) ? TRUE : FALSE; } - + // -------------------------------------------------------------------- - + /** * Validate the image * - * @access public * @return bool - */ - function is_image() + */ + public function is_image() { // IE will sometimes return odd mime-types during upload, so here we just standardize all // jpegs or pngs to the same file type. $png_mimes = array('image/x-png'); $jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg'); - + if (in_array($this->file_type, $png_mimes)) { $this->file_type = 'image/png'; } - + if (in_array($this->file_type, $jpeg_mimes)) { $this->file_type = 'image/jpeg'; @@ -558,29 +567,33 @@ class CI_Upload { 'image/gif', 'image/jpeg', 'image/png', - ); + ); return (in_array($this->file_type, $img_mimes, TRUE)) ? TRUE : FALSE; } - + // -------------------------------------------------------------------- - + /** * Verify that the filetype is allowed * - * @access public * @return bool - */ - function is_allowed_filetype($ignore_mime = FALSE) + */ + public function is_allowed_filetype($ignore_mime = FALSE) { + if ($this->allowed_types == '*') + { + return TRUE; + } + if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types)) { $this->set_error('upload_no_file_types'); return FALSE; } - + $ext = strtolower(ltrim($this->file_ext, '.')); - + if ( ! in_array($ext, $this->allowed_types)) { return FALSE; @@ -594,40 +607,39 @@ class CI_Upload { if (getimagesize($this->file_temp) === FALSE) { return FALSE; - } + } } if ($ignore_mime === TRUE) { return TRUE; } - + $mime = $this->mimes_types($ext); - + if (is_array($mime)) { if (in_array($this->file_type, $mime, TRUE)) { return TRUE; - } + } } elseif ($mime == $this->file_type) { return TRUE; } - + return FALSE; } - + // -------------------------------------------------------------------- - + /** * Verify that the file is within the allowed size * - * @access public * @return bool - */ - function is_allowed_filesize() + */ + public function is_allowed_filesize() { if ($this->max_size != 0 AND $this->file_size > $this->max_size) { @@ -638,16 +650,15 @@ class CI_Upload { return TRUE; } } - + // -------------------------------------------------------------------- - + /** * Verify that the image is within the allowed width/height * - * @access public * @return bool - */ - function is_allowed_dimensions() + */ + public function is_allowed_dimensions() { if ( ! $this->is_image()) { @@ -673,26 +684,25 @@ class CI_Upload { return TRUE; } - + // -------------------------------------------------------------------- - + /** * Validate Upload Path * * Verifies that it is a valid upload path with proper permissions. * * - * @access public * @return bool - */ - function validate_upload_path() + */ + public function validate_upload_path() { if ($this->upload_path == '') { $this->set_error('upload_no_filepath'); return FALSE; } - + if (function_exists('realpath') AND @realpath($this->upload_path) !== FALSE) { $this->upload_path = str_replace("\\", "/", realpath($this->upload_path)); @@ -713,32 +723,30 @@ class CI_Upload { $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path); return TRUE; } - + // -------------------------------------------------------------------- - + /** * Extract the file extension * - * @access public * @param string * @return string - */ - function get_extension($filename) + */ + public function get_extension($filename) { $x = explode('.', $filename); return '.'.end($x); - } - + } + // -------------------------------------------------------------------- - + /** * Clean the file name for security * - * @access public * @param string * @return string - */ - function clean_file_name($filename) + */ + public function clean_file_name($filename) { $bad = array( "<!--", @@ -756,40 +764,39 @@ class CI_Upload { "%20", "%22", "%3c", // < - "%253c", // < - "%3e", // > - "%0e", // > - "%28", // ( - "%29", // ) - "%2528", // ( - "%26", // & - "%24", // $ - "%3f", // ? - "%3b", // ; + "%253c", // < + "%3e", // > + "%0e", // > + "%28", // ( + "%29", // ) + "%2528", // ( + "%26", // & + "%24", // $ + "%3f", // ? + "%3b", // ; "%3d" // = ); - + $filename = str_replace($bad, '', $filename); return stripslashes($filename); } // -------------------------------------------------------------------- - + /** * Limit the File Name Length * - * @access public * @param string * @return string - */ - function limit_filename_length($filename, $length) + */ + public function limit_filename_length($filename, $length) { if (strlen($filename) < $length) { return $filename; } - + $ext = ''; if (strpos($filename, '.') !== FALSE) { @@ -797,12 +804,12 @@ class CI_Upload { $ext = '.'.array_pop($parts); $filename = implode('.', $parts); } - + return substr($filename, 0, ($length - strlen($ext))).$ext; } // -------------------------------------------------------------------- - + /** * Runs the file through the XSS clean function * @@ -810,59 +817,93 @@ class CI_Upload { * I'm not sure that it won't negatively affect certain files in unexpected ways, * but so far I haven't found that it causes trouble. * - * @access public * @return void - */ - function do_xss_clean() - { - $file = $this->upload_path.$this->file_name; - + */ + public function do_xss_clean() + { + $file = $this->file_temp; + if (filesize($file) == 0) { return FALSE; } + if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit') != '') + { + $current = ini_get('memory_limit') * 1024 * 1024; + + // There was a bug/behavioural change in PHP 5.2, where numbers over one million get output + // into scientific notation. number_format() ensures this number is an integer + // http://bugs.php.net/bug.php?id=43053 + + $new_memory = number_format(ceil(filesize($file) + $current), 0, '.', ''); + + ini_set('memory_limit', $new_memory); // When an integer is used, the value is measured in bytes. - PHP.net + } + + // If the file being uploaded is an image, then we should have no problem with XSS attacks (in theory), but + // IE can be fooled into mime-type detecting a malformed image as an html file, thus executing an XSS attack on anyone + // using IE who looks at the image. It does this by inspecting the first 255 bytes of an image. To get around this + // CI will itself look at the first 255 bytes of an image to determine its relative safety. This can save a lot of + // processor power and time if it is actually a clean image, as it will be in nearly all instances _except_ an + // attempted XSS attack. + + if (function_exists('getimagesize') && @getimagesize($file) !== FALSE) + { + if (($file = @fopen($file, 'rb')) === FALSE) // "b" to force binary + { + return FALSE; // Couldn't open the file, return FALSE + } + + $opening_bytes = fread($file, 256); + fclose($file); + + // These are known to throw IE into mime-type detection chaos + // <a, <body, <head, <html, <img, <plaintext, <pre, <script, <table, <title + // title is basically just in SVG, but we filter it anyhow + + if ( ! preg_match('/<(a|body|head|html|img|plaintext|pre|script|table|title)[\s>]/i', $opening_bytes)) + { + return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good + } + } + if (($data = @file_get_contents($file)) === FALSE) { return FALSE; } - - if ( ! $fp = @fopen($file, FOPEN_READ_WRITE)) + + $CI =& get_instance(); + + if ( ! isset($CI->security)) { - return FALSE; + $CI->load->library('security'); } - $CI =& get_instance(); - $data = $CI->input->xss_clean($data); - - flock($fp, LOCK_EX); - fwrite($fp, $data); - flock($fp, LOCK_UN); - fclose($fp); + return $CI->security->xss_clean($data, TRUE); } - + // -------------------------------------------------------------------- - + /** * Set an error message * - * @access public * @param string * @return void - */ - function set_error($msg) + */ + public function set_error($msg) { - $CI =& get_instance(); + $CI =& get_instance(); $CI->lang->load('upload'); - + if (is_array($msg)) { foreach ($msg as $val) { - $msg = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val); + $msg = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val); $this->error_msg[] = $msg; log_message('error', $msg); - } + } } else { @@ -871,44 +912,42 @@ class CI_Upload { log_message('error', $msg); } } - + // -------------------------------------------------------------------- - + /** * Display the error message * - * @access public * @param string * @param string * @return string - */ - function display_errors($open = '<p>', $close = '</p>') + */ + public function display_errors($open = '<p>', $close = '</p>') { $str = ''; foreach ($this->error_msg as $val) { $str .= $open.$val.$close; } - + return $str; } - + // -------------------------------------------------------------------- - + /** * List of Mime Types * * This is a list of mime types. We use it to validate * the "allowed types" set by the developer * - * @access public * @param string * @return string - */ - function mimes_types($mime) + */ + public function mimes_types($mime) { global $mimes; - + if (count($this->mimes) == 0) { if (@require_once(APPPATH.'config/mimes'.EXT)) @@ -917,25 +956,24 @@ class CI_Upload { unset($mimes); } } - + return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime]; } // -------------------------------------------------------------------- - + /** * Prep Filename * * Prevents possible script execution from Apache's handling of files multiple extensions * http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext * - * @access private * @param string * @return string */ - function _prep_filename($filename) + protected function _prep_filename($filename) { - if (strpos($filename, '.') === FALSE) + if (strpos($filename, '.') === FALSE OR $this->allowed_types == '*') { return $filename; } @@ -957,7 +995,7 @@ class CI_Upload { } $filename .= '.'.$ext; - + return $filename; } |