Diffstat (limited to 'system/libraries/Upload.php')
-rw-r--r-- | system/libraries/Upload.php | 298 |
1 files changed, 262 insertions, 36 deletions
diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index d381440cd..4f65c9eb1 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php
 /**
 * CodeIgniter
 *
@@ -24,6 +24,7 @@
 * @since Version 1.0
 * @filesource
 */
+defined('BASEPATH') OR exit('No direct script access allowed');

 /**
 * File Uploading Class
@@ -36,40 +37,224 @@
 */
 class CI_Upload {

+ /**
+ * Maximum file size
+ *
+ * @var int
+ */
 public $max_size = 0;
+
+ /**
+ * Maximum image width
+ *
+ * @var int
+ */
 public $max_width = 0;
+
+ /**
+ * Maximum image height
+ *
+ * @var int
+ */
 public $max_height = 0;
+
+ /**
+ * Minimum image width
+ *
+ * @var int
+ */
+ public $min_width = 0;
+
+ /**
+ * Minimum image height
+ *
+ * @var int
+ */
+ public $min_height = 0;
+
+ /**
+ * Maximum filename length
+ *
+ * @var int
+ */
 public $max_filename = 0;
+
+ /**
+ * Maximum duplicate filename increment ID
+ *
+ * @var int
+ */
 public $max_filename_increment = 100;
+
+ /**
+ * Allowed file types
+ *
+ * @var string
+ */
 public $allowed_types = '';
+
+ /**
+ * Temporary filename
+ *
+ * @var string
+ */
 public $file_temp = '';
+
+ /**
+ * Filename
+ *
+ * @var string
+ */
 public $file_name = '';
+
+ /**
+ * Original filename
+ *
+ * @var string
+ */
 public $orig_name = '';
+
+ /**
+ * File type
+ *
+ * @var string
+ */
 public $file_type = '';
- public $file_size = '';
+
+ /**
+ * File size
+ *
+ * @var int
+ */
+ public $file_size = NULL;
+
+ /**
+ * Filename extension
+ *
+ * @var string
+ */
 public $file_ext = '';
+
+ /**
+ * Upload path
+ *
+ * @var string
+ */
 public $upload_path = '';
+
+ /**
+ * Overwrite flag
+ *
+ * @var bool
+ */
 public $overwrite = FALSE;
+
+ /**
+ * Obfuscate filename flag
+ *
+ * @var bool
+ */
 public $encrypt_name = FALSE;
+
+ /**
+ * Is image flag
+ *
+ * @var bool
+ */
 public $is_image = FALSE;
- public $image_width = '';
- public $image_height = '';
+
+ /**
+ * Image width
+ *
+ * @var int
+ */
+ public $image_width = NULL;
+
+ /**
+ * Image height
+ *
+ * @var int
+ */
+ public $image_height = NULL;
+
+ /**
+ * Image type
+ *
+ * @var string
+ */
 public $image_type = '';
+
+ /**
+ * Image size string
+ *
+ * @var string
+ */
 public $image_size_str = '';
+
+ /**
+ * Error messages list
+ *
+ * @var array
+ */
 public $error_msg = array();
+
+ /**
+ * MIME types list
+ *
+ * @var array
+ */
 public $mimes = array();
+
+ /**
+ * Remove spaces flag
+ *
+ * @var bool
+ */
 public $remove_spaces = TRUE;
+
+ /**
+ * MIME detection flag
+ *
+ * @var bool
+ */
 public $detect_mime = TRUE;
+
+ /**
+ * XSS filter flag
+ *
+ * @var bool
+ */
 public $xss_clean = FALSE;
+
+ /**
+ * Temporary filename prefix
+ *
+ * @var string
+ */
 public $temp_prefix = 'temp_file_';
+
+ /**
+ * Filename sent by the client
+ *
+ * @var bool
+ */
 public $client_name = '';

+ // --------------------------------------------------------------------
+
+ /**
+ * Filename override
+ *
+ * @var string
+ */
 protected $_file_name_override = '';

+ // --------------------------------------------------------------------
+
 /**
 * Constructor
 *
- * @param array
+ * @param array $props
 * @return void
 */
 public function __construct($props = array())
@@ -89,7 +274,7 @@ class CI_Upload {
 /**
 * Initialize preferences
 *
- * @param array
+ * @param array $config
 * @return void
 */
 public function initialize($config = array())
@@ -98,6 +283,8 @@ class CI_Upload {
 'max_size' => 0,
 'max_width' => 0,
 'max_height' => 0,
+ 'min_width' => 0,
+ 'min_height' => 0,
 'max_filename' => 0,
 'max_filename_increment' => 100,
 'allowed_types' => '',
@@ -105,14 +292,14 @@ class CI_Upload {
 'file_name' => '',
 'orig_name' => '',
 'file_type' => '',
- 'file_size' => '',
+ 'file_size' => NULL,
 'file_ext' => '',
 'upload_path' => '',
 'overwrite' => FALSE,
 'encrypt_name' => FALSE,
 'is_image' => FALSE,
- 'image_width' => '',
- 'image_height' => '',
+ 'image_width' => NULL,
+ 'image_height' => NULL,
 'image_type' => '',
 'image_size_str' => '',
 'error_msg' => array(),
@@ -123,7 +310,6 @@ class CI_Upload {
 'client_name' => ''
 );

-
 foreach ($defaults as $key => $val)
 {
 if (isset($config[$key]))
@@ -154,6 +340,7 @@ class CI_Upload {
 /**
 * Perform the file upload
 *
+ * @param string $field
 * @return bool
 */
 public function do_upload($field = 'userfile')
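Review bot: The docblock added above `$client_name` in the `@@ -36,40 +37,224 @@` hunk declares `@var bool`, but the property is initialised to `''` and is described as the filename sent by the client, so it should read `@var string`. The same hunk changes `$file_size`, `$image_width` and `$image_height` to default to `NULL` while documenting them as `@var int`; `@var int|null` would describe the initial state more accurately. Since the client-sent name is untrusted input, the description could say so, e.g. `* Filename sent by the client (untrusted input)`.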
@@ -355,7 +542,7 @@ class CI_Upload {
 * Returns an associative array containing all of the information
 * related to the upload, allowing the developer easy access in one array.
 *
- * @param string
+ * @param string $index
 * @return mixed
 */
 public function data($index = NULL)
@@ -390,7 +577,7 @@ class CI_Upload {
 /**
 * Set Upload Path
 *
- * @param string
+ * @param string $path
 * @return void
 */
 public function set_upload_path($path)
@@ -408,8 +595,8 @@ class CI_Upload {
 * existence of a file with the same name. If found, it will append a
 * number to the end of the filename to avoid overwriting a pre-existing file.
 *
- * @param string
- * @param string
+ * @param string $path
+ * @param string $filename
 * @return string
 */
 public function set_filename($path, $filename)
@@ -453,7 +640,7 @@ class CI_Upload {
 /**
 * Set Maximum File Size
 *
- * @param int
+ * @param int $n
 * @return void
 */
 public function set_max_filesize($n)
@@ -466,7 +653,7 @@ class CI_Upload {
 /**
 * Set Maximum File Name Length
 *
- * @param int
+ * @param int $n
 * @return void
 */
 public function set_max_filename($n)
@@ -479,7 +666,7 @@ class CI_Upload {
 /**
 * Set Maximum Image Width
 *
- * @param int
+ * @param int $n
 * @return void
 */
 public function set_max_width($n)
@@ -492,7 +679,7 @@ class CI_Upload {
 /**
 * Set Maximum Image Height
 *
- * @param int
+ * @param int $n
 * @return void
 */
 public function set_max_height($n)
@@ -503,9 +690,35 @@ class CI_Upload {
 // --------------------------------------------------------------------

 /**
+ * Set minimum image width
+ *
+ * @param int $n
+ * @return void
+ */
+ public function set_min_width($n)
+ {
+ $this->min_width = ((int) $n < 0) ? 0 : (int) $n;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * Set minimum image height
+ *
+ * @param int $n
+ * @return void
+ */
+ public function set_min_height($n)
+ {
+ $this->min_height = ((int) $n < 0) ? 0 : (int) $n;
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
 * Set Allowed File Types
 *
- * @param string
+ * @param string $types
 * @return void
 */
 public function set_allowed_types($types)
@@ -525,7 +738,7 @@ class CI_Upload {
 *
 * Uses GD to determine the width/height/type of image
 *
- * @param string
+ * @param string $path
 * @return void
 */
 public function set_image_properties($path = '')
@@ -557,7 +770,7 @@ class CI_Upload {
 * Enables the XSS flag so that the file that was uploaded
 * will be run through the XSS filter.
 *
- * @param bool
+ * @param bool $flag
 * @return void
 */
 public function set_xss_clean($flag = FALSE)
@@ -599,7 +812,7 @@ class CI_Upload {
 /**
 * Verify that the filetype is allowed
 *
- * @param bool
+ * @param bool $ignore_mime
 * @return bool
 */
 public function is_allowed_filetype($ignore_mime = FALSE)
@@ -688,6 +901,16 @@ class CI_Upload {
 {
 return FALSE;
 }
+
+ if ($this->min_width > 0 && $D[0] < $this->min_width)
+ {
+ return FALSE;
+ }
+
+ if ($this->min_height > 0 && $D[1] < $this->min_height)
+ {
+ return FALSE;
+ }
 }

 return TRUE;
@@ -736,7 +959,7 @@ class CI_Upload {
 /**
 * Extract the file extension
 *
- * @param string
+ * @param string $filename
 * @return string
 */
 public function get_extension($filename)
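Review bot: The two checks added in the `@@ -688,6 +901,16 @@` hunk index `$D[0]` and `$D[1]` without confirming that `$D` is an array. The assignment of `$D` is outside the hunk; if it comes from an image-size probe that can return FALSE on an unreadable file, `$D[0]` evaluates to NULL, so the minimum checks would reject the file while the maximum checks above them presumably let it through. Whether an unreadable image is accepted would then depend on which limits are configured. A guard placed before all four comparisons, `if ( ! is_array($D)) { return FALSE; }`, would make that case fail closed consistently. The enclosing method starts and ends outside the hunk.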
@@ -750,7 +973,7 @@ class CI_Upload {
 /**
 * Clean the file name for security
 *
- * @param string
+ * @param string $filename
 * @return string
 */
 public function clean_file_name($filename)
@@ -790,7 +1013,8 @@ class CI_Upload {
 /**
 * Limit the File Name Length
 *
- * @param string
+ * @param string $filename
+ * @param int $length
 * @return string
 */
 public function limit_filename_length($filename, $length)
@@ -883,7 +1107,7 @@ class CI_Upload {
 /**
 * Set an error message
 *
- * @param string
+ * @param string $msg
 * @return void
 */
 public function set_error($msg)
@@ -913,8 +1137,8 @@ class CI_Upload {
 /**
 * Display the error message
 *
- * @param string
- * @param string
+ * @param string $open
+ * @param string $close
 * @return string
 */
 public function display_errors($open = '<p>', $close = '</p>')
@@ -930,7 +1154,7 @@ class CI_Upload {
 * This is a list of mime types. We use it to validate
 * the "allowed types" set by the developer
 *
- * @param string
+ * @param string $mime
 * @return string
 */
 public function mimes_types($mime)
@@ -943,10 +1167,12 @@ class CI_Upload {
 /**
 * Prep Filename
 *
- * Prevents possible script execution from Apache's handling of files multiple extensions
- * http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
+ * Prevents possible script execution from Apache's handling
+ * of files' multiple extensions.
+ *
+ * @link http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
 *
- * @param string
+ * @param string $filename
 * @return string
 */
 protected function _prep_filename($filename)
@@ -983,7 +1209,7 @@ class CI_Upload {
 * Detects the (actual) MIME type of the uploaded file, if possible.
 * The input array is expected to be $_FILES[$field]
 *
- * @param array
+ * @param array $file
 * @return void
 */
 protected function _file_mime_type($file)
@@ -1033,7 +1259,7 @@ class CI_Upload {
 ? 'file --brief --mime '.escapeshellarg($file['tmp_name']).' 2>&1'
 : 'file --brief --mime '.$file['tmp_name'].' 2>&1';

- if (function_exists('exec'))
+ if (function_usable('exec'))
 {
 /* This might look confusing, as $mime is being populated with all of the output when set in the second parameter.
 * However, we only neeed the last line, which is the actual return value of exec(), and as such - it overwrites
@@ -1048,7 +1274,7 @@ class CI_Upload {
 }
 }

- if ( (bool) @ini_get('safe_mode') === FALSE && function_exists('shell_exec'))
+ if ( (bool) @ini_get('safe_mode') === FALSE && function_usable('shell_exec'))
 {
 $mime = @shell_exec($cmd);
 if (strlen($mime) > 0)
@@ -1062,7 +1288,7 @@ class CI_Upload {
 }
 }

- if (function_exists('popen'))
+ if (function_usable('popen'))
 {
 $proc = @popen($cmd, 'r');
 if (is_resource($proc))
|
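Review bot: The context lines at the top of the `@@ -1033,7 +1259,7 @@` hunk show `$cmd` falling back to `'file --brief --mime '.$file['tmp_name'].' 2>&1'`, with the path unquoted, and this commit leaves that fallback in place while changing only the availability test on the `exec`, `shell_exec` and `popen` branches (this hunk and the two after it). `tmp_name` is normally assigned by PHP rather than by the client, which limits exposure, but the shell would still interpret a path containing spaces or metacharacters. Consider skipping all three shell-based detection branches when the escaping function cannot be used, instead of building an unescaped command. The condition that selects the fallback is outside the hunk, so whether it was also moved to `function_usable()` cannot be confirmed from here.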