From 23719ab569c9c8d6b791f65d7861daba3895ddcb Mon Sep 17 00:00:00 2001
From: Hunter Wu <hunter.wu@gmail.com>
Date: Thu, 1 Aug 2013 23:15:13 +0800
Subject: Add windows filename rule as an option for upload files

---
 system/core/Security.php | 51 ++++++++++++++++++++++++++++++------------------
 1 file changed, 32 insertions(+), 19 deletions(-)

(limited to 'system/core/Security.php')

diff --git a/system/core/Security.php b/system/core/Security.php
index 196d61144..cd1cb1ab4 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php
@@ -114,6 +114,36 @@ class CI_Security {
 		"([\"'])?data\s*:[^\\1]*?base64[^\\1]*?,[^\\1]*?\\1?"
 	);
 
+	/**
+	 * List of bad chars for sanitize filename
+	 *
+	 * @var	array
+	 */
+	private $_filename_bad_str_rules = array(
+		'default' => array(
+			'../', '<!--', '-->', '<', '>',
+			"'", '"', '&', '$', '#',
+			'{', '}', '[', ']', '=',
+			';', '?', '%20', '%22',
+			'%3c',		// <
+			'%253c',	// <
+			'%3e',		// >
+			'%0e',		// >
+			'%28',		// (
+			'%29',		// )
+			'%2528',	// (
+			'%26',		// &
+			'%24',		// $
+			'%3f',		// ?
+			'%3b',		// ;
+			'%3d'		// =
+		),
+		'windows' => array(
+			'\\', '/', ':', '*', '?',
+			'"', '<', '>', '|',
+		),
+	);
+
 	/**
 	 * Class constructor
 	 *
@@ -547,26 +577,9 @@ class CI_Security {
 	 * @param 	bool	$relative_path	Whether to preserve paths
 	 * @return	string
 	 */
-	public function sanitize_filename($str, $relative_path = FALSE)
+	public function sanitize_filename($str, $relative_path = FALSE, $rule = 'default')
 	{
-		$bad = array(
-			'../', '<!--', '-->', '<', '>',
-			"'", '"', '&', '$', '#',
-			'{', '}', '[', ']', '=',
-			';', '?', '%20', '%22',
-			'%3c',		// <
-			'%253c',	// <
-			'%3e',		// >
-			'%0e',		// >
-			'%28',		// (
-			'%29',		// )
-			'%2528',	// (
-			'%26',		// &
-			'%24',		// $
-			'%3f',		// ?
-			'%3b',		// ;
-			'%3d'		// =
-		);
+		$bad = $this->_filename_bad_str_rules[$rule];
 
 		if ( ! $relative_path)
 		{
-- 
cgit v1.2.3-24-g4f1b