summaryrefslogtreecommitdiffstats
path: root/system/libraries/Upload.php
AgeCommit message (Collapse)AuthorFilesLines
2013-03-30Some cleanup related to mt_rand()vlakoff1-1/+0
- min and max values are 0 and mt_getrandmax() by default - remove useless mt_srand() seed calls
2013-02-19Fix a code comment in Upload->_file_mime_type()vlakoff1-2/+2
Availability of dangerous functions is now tested using function_usable().
2013-02-15Various cosmetic fixesvlakoff1-2/+2
2013-01-29Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename()Andrey Andreev1-48/+2
Also applied @xeptor's fix (a big thanks) to the sanitize_filename() method and added a changelog entry for it - fixes issue #73.
2013-01-28Remove str_replace in returngommarah1-1/+1
2013-01-28Upload library, clean_file_name function: Fix xss bug.gommarah1-0/+7
For example: If you clear this string "%%3f3f" according to the $bad array will fail. The result will be "%3f" Because str_replace() replaces left to right. Signed-off-by: xeptor <servetozkan@live.com>
2013-01-01[ci skip] Happy new yearAndrey Andreev1-1/+1
2012-12-03Add min_width and min_height options to the Upload classAndrey Andreev1-0/+52
(manually implementing outdated PR #636)
2012-12-03[ci skip] Cleaned some spacesAndrey Andreev1-1/+0
2012-11-07Added function_usable() to common functionsAndrey Andreev1-3/+3
It is now used to check whether dangerous functions like eval() and exec() are available. It appears that the Suhosin extension (which is becoming popular) terminates script execution instead of returning e.g. FALSE when it has a function blacklisted. function_exists() checks are insufficient and our only option is to check the ini settings here. Filed an issue here: https://github.com/stefanesser/suhosin/issues/18 ... hopefully we'll be able to deal with this in a more elegant way in the future. (this commit supersedes PR #1809)
2012-11-01[ci skip] DocBlocks for Upload and Xmlrpc librariesAndrey Andreev1-31/+203
Partially fixes issue #1295
2012-11-01Manually apply PR #1594 (fixing phpdoc page-level generation/warnings)Andrey Andreev1-1/+2
Also partially fixes issue #1295, fixes inconsistencies in some page-level docblocks and adds include checks in language files.
2012-10-24[ci skip] style and phpdoc-related changes (rel #1295)Andrey Andreev1-1/+3
2012-06-16Add an option to disable MIME detection in the Upload library (issue #1494)Andrey Andreev1-3/+13
2012-06-11fixesMichiel Vugteveen1-1/+1
2012-06-11fixesMichiel Vugteveen1-3/+3
2012-06-11tab fixesMichiel Vugteveen1-9/+9
2012-06-11get upload data with index keyMichiel Vugteveen1-11/+19
2012-06-07Remove some unnecessary function_exists() checks and some minor improvementsAndrey Andreev1-13/+7
2012-06-05Added get_mimes() function to system/core/Commons.php.The MIMEs array from ↵Andrey Andreev1-19/+2
config/mimes.php is used by multiple core classes, libraries and helpers and each of them has implemented an own way of getting it, which is not needed and is hard to maintain. This also fixes issue #1411
2012-06-04Direct return from mimes config, instead of using global $mimes;Phil Sturgeon1-4/+2
Global variables are generally a terrible idea, especially for something as simple as this. The mimes.php now returns an array instead of just injecting a variable name into the global namespace.
2012-06-04Revert/optimize some changes from 773ccc318f2769c9b7579630569b5d8ba47b114b ↵Andrey Andreev1-2/+2
and d261b1e89c3d4d5191036d5a5660ef6764e593a0
2012-06-02Replaced `==` with `===` and `!=` with `!==` in /system/librariesAlex Bilbie1-14/+14
2012-05-24Fix issues #44 & #110Andrey Andreev1-0/+2
2012-05-17Clean up the librariesAndrey Andreev1-2/+2
2012-05-11Fix issue #1349Andrey Andreev1-1/+1
2012-05-05Added a return false if an image doesn't pass XSS cleaning to prevent ↵Wes Baker1-1/+5
file_get_contents from returning a NULL and passing through unscathed.
2012-03-26Remove access description lines and cleanup the Upload libraryAndrey Andreev1-182/+146
2012-03-09Bumped CodeIgniter's PHP requirement to 5.2.4.Phil Sturgeon1-1/+1
Yes I know PHP 5.4 just came out, and yes I know PHP 5.3 has lovely features, but there are plenty of corporate systems running on CodeIgniter and PHP 5.3 still is not widely supported enough. CodeIgniter is great for distributed applications, and this is the highest we can reasonably go without breaking support. PHP 5.3 will most likely happen in another year or so. Fingers crossed on that one anyway...
2012-03-04Merge branch 'develop' of github.com:EllisLab/CodeIgniter into developPhil Sturgeon1-10/+8
2012-03-04Merged conflicts.Phil Sturgeon1-1/+1
2012-03-03Fixed a bug - CI_Upload::_file_mime_type() could've failed if popen() is ↵tubalmartin1-1/+1
used for the detection.
2012-03-01Fix issue #153 (E_NOTICE generated by getimagesize())Andrey Andreev1-9/+7
2012-02-29removed double slashMichiel Vugteveen1-1/+1
2012-02-29Merged in 2.1-stable changes.Phil Sturgeon1-23/+80
2012-01-02Updating copyright date to 2012Greg Aker1-1/+1
2011-12-27Revert "Abstracting the loading of files in the config directory depending ↵Greg Aker1-5/+10
on environments." This reverts commit 5c1aa631c5f5ec2f6b75ba1158178418e50ba11a.
2011-12-25Abstracting the loading of files in the config directory depending on ↵Greg Aker1-10/+5
environments.
2011-12-21Also replace old-style 'var' with 'public'Andrey Andreev1-2/+2
2011-12-19Add method visibility declarations and optimize display_errors() method in ↵Andrey Andreev1-8/+2
Image_lib, Trackback and Upload libraries
2011-12-13Tweak MIME regular expression check againAndrey Andreev1-1/+1
2011-12-11Fix regular expression for validating MIME type stringAndrey Andreev1-1/+1
2011-12-09Improve CI_Upload::_file_mime_type()Andrey Andreev1-24/+78
2011-12-02Update a comment, just to be clearerAndrey Andreev1-1/+1
2011-12-02Hotfix for a file type detection bug in the Upload libraryAndrey Andreev1-2/+5
2011-11-23tmp_path does not exists, should be tmp_nameMichiel Vugteveen1-1/+1
2011-11-22Merge master (2.1.0) and fixed conflicts.Phil Sturgeon1-2/+2
2011-10-27Change Windows OS detection approachAndrey Andreev1-1/+1
2011-10-27Fix an erroneus variable name and a typo in commentsAndrey Andreev1-2/+2
2011-10-27Fix alignment with tabs instead of spacesAndrey Andreev1-1/+1