From ccbbea1eaa8a0dd26aa05a0d860fda550f7dd7a8 Mon Sep 17 00:00:00 2001 From: Adam Jackett Date: Sun, 21 Aug 2011 16:19:11 -0400 Subject: Fixed issue #26. Added max_filename_increment as a config setting. --- system/libraries/Upload.php | 54 +++++++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 26 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 3177424c4..8f324de79 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -30,6 +30,7 @@ class CI_Upload { public $max_width = 0; public $max_height = 0; public $max_filename = 0; + public $max_filename_increment = 100; public $allowed_types = ""; public $file_temp = ""; public $file_name = ""; @@ -80,31 +81,32 @@ class CI_Upload { public function initialize($config = array()) { $defaults = array( - 'max_size' => 0, - 'max_width' => 0, - 'max_height' => 0, - 'max_filename' => 0, - 'allowed_types' => "", - 'file_temp' => "", - 'file_name' => "", - 'orig_name' => "", - 'file_type' => "", - 'file_size' => "", - 'file_ext' => "", - 'upload_path' => "", - 'overwrite' => FALSE, - 'encrypt_name' => FALSE, - 'is_image' => FALSE, - 'image_width' => '', - 'image_height' => '', - 'image_type' => '', - 'image_size_str' => '', - 'error_msg' => array(), - 'mimes' => array(), - 'remove_spaces' => TRUE, - 'xss_clean' => FALSE, - 'temp_prefix' => "temp_file_", - 'client_name' => '' + 'max_size' => 0, + 'max_width' => 0, + 'max_height' => 0, + 'max_filename' => 0, + 'max_filename_increment' => 100, + 'allowed_types' => "", + 'file_temp' => "", + 'file_name' => "", + 'orig_name' => "", + 'file_type' => "", + 'file_size' => "", + 'file_ext' => "", + 'upload_path' => "", + 'overwrite' => FALSE, + 'encrypt_name' => FALSE, + 'is_image' => FALSE, + 'image_width' => '', + 'image_height' => '', + 'image_type' => '', + 'image_size_str' => '', + 'error_msg' => array(), + 'mimes' => array(), + 'remove_spaces' => TRUE, + 'xss_clean' => FALSE, + 'temp_prefix' => "temp_file_", + 'client_name' => '' ); @@ -402,7 +404,7 @@ class CI_Upload { $filename = str_replace($this->file_ext, '', $filename); $new_filename = ''; - for ($i = 1; $i < 100; $i++) + for ($i = 1; $i < $this->max_filename_increment; $i++) { if ( ! file_exists($path.$filename.$i.$this->file_ext)) { -- cgit v1.2.3-24-g4f1b From 3a3c947790d3d072e14de2b5d21ae43743947ce8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 14:25:33 +0300 Subject: Added _file_mime_type() method to system/libraries/Upload.php in order to fix a possible MIME-type injection (issue #60) --- system/libraries/Upload.php | 68 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 8f324de79..fcfd89915 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -198,7 +198,8 @@ class CI_Upload { // Set the uploaded data as class variables $this->file_temp = $_FILES[$field]['tmp_name']; $this->file_size = $_FILES[$field]['size']; - $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']); + $this->_file_mime_type($_FILES[$field]); + $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $this->file_type); $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); $this->file_name = $this->_prep_filename($_FILES[$field]['name']); $this->file_ext = $this->get_extension($this->file_name); @@ -1008,8 +1009,71 @@ class CI_Upload { // -------------------------------------------------------------------- + /** + * File MIME type + * + * Detects the (actual) MIME type of the uploaded file, if possible. + * The input array is expected to be $_FILES[$field] + * + * @param array + * @return void + */ + protected function _file_mime_type($file) + { + $file_type = ''; + + // Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag) + if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file')) + { + $finfo = new finfo(FILEINFO_MIME_TYPE); + if ($finfo !== FALSE) // This is possible, if there is no magic MIME database file found on the system + { + $file_type = $finfo->file($file['tmp_name']); + + /* According to the comments section of the PHP manual page, + * it is possible that this function returns an empty string + * for some files (e.g. if they don't exist in the magic MIME database. + */ + if (strlen($file_type) > 1) + { + $this->file_type = $file_info; + return; + } + } + } + + // Fall back to the deprecated mime_content_type(), if available + if (function_exists('mime_content_type')) + { + $this->file_type = @mime_content_type($file['tmp_name']); + return; + } + + /* This is an ugly hack, but UNIX-type systems provide a native way to detect the file type, + * which is still more secure than depending on the value of $_FILES[$field]['type']. + * + * Notes: + * - a 'W' in the substr() expression bellow, would mean that we're using Windows + * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check + */ + if (substr(PHP_OS, 0, 1) !== 'W' && function_exists('exec')) + { + $output = array(); + @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code); + if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution + { + $this->file_type = rtrim($output[0]); + return; + } + } + + $this->file_type = $file['type']; + } + + // -------------------------------------------------------------------- + } // END Upload Class /* End of file Upload.php */ -/* Location: ./system/libraries/Upload.php */ \ No newline at end of file +/* Location: ./system/libraries/Upload.php */ -- cgit v1.2.3-24-g4f1b From 77870b53059d1ee3d761ee54bc5042c560430e36 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 14:35:10 +0300 Subject: Remove an unnecessary variable initialization --- system/libraries/Upload.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index fcfd89915..a16d5f65d 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1020,8 +1020,6 @@ class CI_Upload { */ protected function _file_mime_type($file) { - $file_type = ''; - // Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag) if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file')) { -- cgit v1.2.3-24-g4f1b From 420fe0721944ad58a3199b31c92cd896499c8ed1 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 14:45:44 +0300 Subject: Fix alignment with tabs instead of spaces --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index a16d5f65d..324747e80 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1060,7 +1060,7 @@ class CI_Upload { @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code); if ($return_code === 0 && strlen($output[0]) > 0) // A return status code != 0 would mean failed execution { - $this->file_type = rtrim($output[0]); + $this->file_type = rtrim($output[0]); return; } } -- cgit v1.2.3-24-g4f1b From 2cec39f2c221d2acab5dbd830b6dd64db01b24d9 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 24 Sep 2011 22:59:37 +0300 Subject: Fix an erroneus variable name and a typo in comments --- system/libraries/Upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 324747e80..67551fbbd 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1030,11 +1030,11 @@ class CI_Upload { /* According to the comments section of the PHP manual page, * it is possible that this function returns an empty string - * for some files (e.g. if they don't exist in the magic MIME database. + * for some files (e.g. if they don't exist in the magic MIME database) */ if (strlen($file_type) > 1) { - $this->file_type = $file_info; + $this->file_type = $file_type; return; } } -- cgit v1.2.3-24-g4f1b From f300fb27a54c4eb6018dffb77a5e541416ffa5c2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 26 Sep 2011 10:27:25 +0300 Subject: Use CI's is_php() instead of comparing against phpversion() --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 67551fbbd..fc3de0329 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1021,7 +1021,7 @@ class CI_Upload { protected function _file_mime_type($file) { // Use if the Fileinfo extension, if available (only versions above 5.3 support the FILEINFO_MIME_TYPE flag) - if ( (float) substr(phpversion(), 0, 3) >= 5.3 && function_exists('finfo_file')) + if (is_php('5.3') && function_exists('finfo_file')) { $finfo = new finfo(FILEINFO_MIME_TYPE); if ($finfo !== FALSE) // This is possible, if there is no magic MIME database file found on the system -- cgit v1.2.3-24-g4f1b From 8b3cf634d94cdd8a11b1f1fcec69bdc2a0f5e71b Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 4 Oct 2011 18:27:32 +0300 Subject: Change Windows OS detection approach --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index fc3de0329..045283f96 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1054,7 +1054,7 @@ class CI_Upload { * - a 'W' in the substr() expression bellow, would mean that we're using Windows * - many system admins would disable the exec() function due to security concerns, hence the function_exists() check */ - if (substr(PHP_OS, 0, 1) !== 'W' && function_exists('exec')) + if (DIRECTORY_SEPARATOR !== '\\' && function_exists('exec')) { $output = array(); @exec('file --brief --mime-type ' . escapeshellarg($file['tmp_path']), $output, $return_code); -- cgit v1.2.3-24-g4f1b From f4a4bd8fac188ebc9cda822ffc811c218fd92b45 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Thu, 20 Oct 2011 12:18:42 -0500 Subject: adding new license file (OSL 3.0) and updating readme to ReST added notice of license to all source files. OSL to all except the few files we ship inside of the application folder, those are AFL. Updated license in user guide. incrementing next dev version to 3.0 due to licensing change --- system/libraries/Upload.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 045283f96..56062befb 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -4,10 +4,22 @@ * * An open source application development framework for PHP 5.1.6 or newer * + * NOTICE OF LICENSE + * + * Licensed under the Open Software License version 3.0 + * + * This source file is subject to the Open Software License (OSL 3.0) that is + * bundled with this package in the files license.txt / license.rst. It is + * also available through the world wide web at this URL: + * http://opensource.org/licenses/OSL-3.0 + * If you did not receive a copy of the license and are unable to obtain it + * through the world wide web, please send an email to + * licensing@ellislab.com so we can send you a copy immediately. + * * @package CodeIgniter - * @author ExpressionEngine Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. - * @license http://codeigniter.com/user_guide/license.html + * @author EllisLab Dev Team + * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 * @filesource @@ -21,7 +33,7 @@ * @package CodeIgniter * @subpackage Libraries * @category Uploads - * @author ExpressionEngine Dev Team + * @author EllisLab Dev Team * @link http://codeigniter.com/user_guide/libraries/file_uploading.html */ class CI_Upload { -- cgit v1.2.3-24-g4f1b From 4eea9895e8ced75a1099c56215c09773de94b92c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 19 Dec 2011 12:05:41 +0200 Subject: Add method visibility declarations and optimize display_errors() method in Image_lib, Trackback and Upload libraries --- system/libraries/Upload.php | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 66e91c5b6..ab97d1a0f 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -934,13 +934,7 @@ class CI_Upload { */ public function display_errors($open = '

', $close = '

') { - $str = ''; - foreach ($this->error_msg as $val) - { - $str .= $open.$val.$close; - } - - return $str; + return (count($this->error_msg) > 0) ? $open . implode($close . $open, $this->error_msg) . $close : ''; } // -------------------------------------------------------------------- @@ -1086,4 +1080,4 @@ class CI_Upload { // END Upload Class /* End of file Upload.php */ -/* Location: ./system/libraries/Upload.php */ \ No newline at end of file +/* Location: ./system/libraries/Upload.php */ -- cgit v1.2.3-24-g4f1b From 3a45957a30ff908445b2772efac8fdb65b64e6cd Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 21 Dec 2011 11:23:11 +0200 Subject: Also replace old-style 'var' with 'public' --- system/libraries/Upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index ab97d1a0f..826bcceb8 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -5,9 +5,9 @@ * An open source application development framework for PHP 5.1.6 or newer * * NOTICE OF LICENSE - * + * * Licensed under the Open Software License version 3.0 - * + * * This source file is subject to the Open Software License (OSL 3.0) that is * bundled with this package in the files license.txt / license.rst. It is * also available through the world wide web at this URL: -- cgit v1.2.3-24-g4f1b From 5c1aa631c5f5ec2f6b75ba1158178418e50ba11a Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sun, 25 Dec 2011 01:24:29 -0600 Subject: Abstracting the loading of files in the config directory depending on environments. --- system/libraries/Upload.php | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 826bcceb8..5108afa1b 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -952,17 +952,12 @@ class CI_Upload { { global $mimes; - if (count($this->mimes) == 0) + if (count($this->mimes) === 0) { - if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) - { - include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'); - } - elseif (is_file(APPPATH.'config/mimes.php')) - { - include(APPPATH.'config//mimes.php'); - } - else + load_environ_config('mimes'); + + // Return FALSE if we still have no mimes after trying to load them up. + if (count($this->mimes) === 0) { return FALSE; } -- cgit v1.2.3-24-g4f1b From d96f88277c1e9a4c069c2e2ee3d779385549f31a Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Tue, 27 Dec 2011 16:23:47 -0600 Subject: Revert "Abstracting the loading of files in the config directory depending on environments." This reverts commit 5c1aa631c5f5ec2f6b75ba1158178418e50ba11a. --- system/libraries/Upload.php | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 5108afa1b..826bcceb8 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -952,12 +952,17 @@ class CI_Upload { { global $mimes; - if (count($this->mimes) === 0) + if (count($this->mimes) == 0) { - load_environ_config('mimes'); - - // Return FALSE if we still have no mimes after trying to load them up. - if (count($this->mimes) === 0) + if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) + { + include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'); + } + elseif (is_file(APPPATH.'config/mimes.php')) + { + include(APPPATH.'config//mimes.php'); + } + else { return FALSE; } -- cgit v1.2.3-24-g4f1b From 0defe5d33ee2633f377a109519ca818becc60f64 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Sun, 1 Jan 2012 18:46:41 -0600 Subject: Updating copyright date to 2012 --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 826bcceb8..0c63886e7 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 -- cgit v1.2.3-24-g4f1b From b57832690574b913c3224b4407427db00dfe7fed Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Wed, 29 Feb 2012 15:40:28 +0100 Subject: removed double slash --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 82383f658..0b853233d 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -960,7 +960,7 @@ class CI_Upload { } elseif (is_file(APPPATH.'config/mimes.php')) { - include(APPPATH.'config//mimes.php'); + include(APPPATH.'config/mimes.php'); } else { -- cgit v1.2.3-24-g4f1b From 6ca407e22104d9ba3ef729c840b7dee903df1531 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 1 Mar 2012 15:33:21 +0200 Subject: Fix issue #153 (E_NOTICE generated by getimagesize()) --- system/libraries/Upload.php | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 0b853233d..ac29c1bdd 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1,4 +1,4 @@ -allowed_types == '*') + if ($this->allowed_types === '*') { return TRUE; } - if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types)) + if ( ! is_array($this->allowed_types) OR count($this->allowed_types) === 0) { $this->set_error('upload_no_file_types'); return FALSE; @@ -618,12 +619,9 @@ class CI_Upload { // Images get some additional checks $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe'); - if (in_array($ext, $image_types)) + if (in_array($ext, $image_types) && @getimagesize($this->file_temp) === FALSE) { - if (getimagesize($this->file_temp) === FALSE) - { - return FALSE; - } + return FALSE; } if ($ignore_mime === TRUE) @@ -640,7 +638,7 @@ class CI_Upload { return TRUE; } } - elseif ($mime == $this->file_type) + elseif ($mime === $this->file_type) { return TRUE; } -- cgit v1.2.3-24-g4f1b From 07c1ac830b4e98aa40f48baef3dd05fb68c0a836 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Fri, 9 Mar 2012 17:03:37 +0000 Subject: Bumped CodeIgniter's PHP requirement to 5.2.4. Yes I know PHP 5.4 just came out, and yes I know PHP 5.3 has lovely features, but there are plenty of corporate systems running on CodeIgniter and PHP 5.3 still is not widely supported enough. CodeIgniter is great for distributed applications, and this is the highest we can reasonably go without breaking support. PHP 5.3 will most likely happen in another year or so. Fingers crossed on that one anyway... --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 89575c849..42664a587 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -2,7 +2,7 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.1.6 or newer + * An open source application development framework for PHP 5.2.4 or newer * * NOTICE OF LICENSE * -- cgit v1.2.3-24-g4f1b From 8e6f7a9145bd6cc571ae69541ae4b9040cf88f69 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 26 Mar 2012 20:13:00 +0300 Subject: Remove access description lines and cleanup the Upload library --- system/libraries/Upload.php | 328 ++++++++++++++++++++------------------------ 1 file changed, 146 insertions(+), 182 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 42664a587..8ad67050d 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -25,8 +25,6 @@ * @filesource */ -// ------------------------------------------------------------------------ - /** * File Uploading Class * @@ -38,39 +36,40 @@ */ class CI_Upload { - public $max_size = 0; - public $max_width = 0; - public $max_height = 0; - public $max_filename = 0; + public $max_size = 0; + public $max_width = 0; + public $max_height = 0; + public $max_filename = 0; public $max_filename_increment = 100; - public $allowed_types = ""; - public $file_temp = ""; - public $file_name = ""; - public $orig_name = ""; - public $file_type = ""; - public $file_size = ""; - public $file_ext = ""; - public $upload_path = ""; - public $overwrite = FALSE; - public $encrypt_name = FALSE; - public $is_image = FALSE; - public $image_width = ''; - public $image_height = ''; - public $image_type = ''; - public $image_size_str = ''; - public $error_msg = array(); - public $mimes = array(); - public $remove_spaces = TRUE; - public $xss_clean = FALSE; - public $temp_prefix = "temp_file_"; - public $client_name = ''; + public $allowed_types = ''; + public $file_temp = ''; + public $file_name = ''; + public $orig_name = ''; + public $file_type = ''; + public $file_size = ''; + public $file_ext = ''; + public $upload_path = ''; + public $overwrite = FALSE; + public $encrypt_name = FALSE; + public $is_image = FALSE; + public $image_width = ''; + public $image_height = ''; + public $image_type = ''; + public $image_size_str = ''; + public $error_msg = array(); + public $mimes = array(); + public $remove_spaces = TRUE; + public $xss_clean = FALSE; + public $temp_prefix = 'temp_file_'; + public $client_name = ''; protected $_file_name_override = ''; /** * Constructor * - * @access public + * @param array + * @return void */ public function __construct($props = array()) { @@ -79,7 +78,7 @@ class CI_Upload { $this->initialize($props); } - log_message('debug', "Upload Class Initialized"); + log_message('debug', 'Upload Class Initialized'); } // -------------------------------------------------------------------- @@ -93,33 +92,33 @@ class CI_Upload { public function initialize($config = array()) { $defaults = array( - 'max_size' => 0, - 'max_width' => 0, - 'max_height' => 0, - 'max_filename' => 0, - 'max_filename_increment' => 100, - 'allowed_types' => "", - 'file_temp' => "", - 'file_name' => "", - 'orig_name' => "", - 'file_type' => "", - 'file_size' => "", - 'file_ext' => "", - 'upload_path' => "", - 'overwrite' => FALSE, - 'encrypt_name' => FALSE, - 'is_image' => FALSE, - 'image_width' => '', - 'image_height' => '', - 'image_type' => '', - 'image_size_str' => '', - 'error_msg' => array(), - 'mimes' => array(), - 'remove_spaces' => TRUE, - 'xss_clean' => FALSE, - 'temp_prefix' => "temp_file_", - 'client_name' => '' - ); + 'max_size' => 0, + 'max_width' => 0, + 'max_height' => 0, + 'max_filename' => 0, + 'max_filename_increment' => 100, + 'allowed_types' => '', + 'file_temp' => '', + 'file_name' => '', + 'orig_name' => '', + 'file_type' => '', + 'file_size' => '', + 'file_ext' => '', + 'upload_path' => '', + 'overwrite' => FALSE, + 'encrypt_name' => FALSE, + 'is_image' => FALSE, + 'image_width' => '', + 'image_height' => '', + 'image_type' => '', + 'image_size_str' => '', + 'error_msg' => array(), + 'mimes' => array(), + 'remove_spaces' => TRUE, + 'xss_clean' => FALSE, + 'temp_prefix' => 'temp_file_', + 'client_name' => '' + ); foreach ($defaults as $key => $val) @@ -156,8 +155,7 @@ class CI_Upload { */ public function do_upload($field = 'userfile') { - - // Is $_FILES[$field] set? If not, no reason to continue. + // Is $_FILES[$field] set? If not, no reason to continue. if ( ! isset($_FILES[$field])) { $this->set_error('upload_no_file_selected'); @@ -176,7 +174,7 @@ class CI_Upload { { $error = ( ! isset($_FILES[$field]['error'])) ? 4 : $_FILES[$field]['error']; - switch($error) + switch ($error) { case 1: // UPLOAD_ERR_INI_SIZE $this->set_error('upload_file_exceeds_limit'); @@ -199,19 +197,19 @@ class CI_Upload { case 8: // UPLOAD_ERR_EXTENSION $this->set_error('upload_stopped_by_extension'); break; - default : $this->set_error('upload_no_file_selected'); + default: + $this->set_error('upload_no_file_selected'); break; } return FALSE; } - // Set the uploaded data as class variables $this->file_temp = $_FILES[$field]['tmp_name']; $this->file_size = $_FILES[$field]['size']; $this->_file_mime_type($_FILES[$field]); - $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $this->file_type); + $this->file_type = preg_replace('/^(.+?);.*$/', '\\1', $this->file_type); $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); $this->file_name = $this->_prep_filename($_FILES[$field]['name']); $this->file_ext = $this->get_extension($this->file_name); @@ -234,11 +232,10 @@ class CI_Upload { { $this->file_name .= $this->file_ext; } - - // An extension was provided, lets have it! else { - $this->file_ext = $this->get_extension($this->_file_name_override); + // An extension was provided, lets have it! + $this->file_ext = $this->get_extension($this->_file_name_override); } if ( ! $this->is_allowed_filetype(TRUE)) @@ -281,7 +278,7 @@ class CI_Upload { // Remove white spaces in the name if ($this->remove_spaces == TRUE) { - $this->file_name = preg_replace("/\s+/", "_", $this->file_name); + $this->file_name = preg_replace('/\s+/', '_', $this->file_name); } /* @@ -305,23 +302,20 @@ class CI_Upload { /* * Run the file through the XSS hacking filter * This helps prevent malicious code from being - * embedded within a file. Scripts can easily + * embedded within a file. Scripts can easily * be disguised as images or other file types. */ - if ($this->xss_clean) + if ($this->xss_clean && $this->do_xss_clean() === FALSE) { - if ($this->do_xss_clean() === FALSE) - { - $this->set_error('upload_unable_to_write_file'); - return FALSE; - } + $this->set_error('upload_unable_to_write_file'); + return FALSE; } /* * Move the file to the final destination * To deal with different server configurations - * we'll attempt to use copy() first. If that fails - * we'll use move_uploaded_file(). One of the two should + * we'll attempt to use copy() first. If that fails + * we'll use move_uploaded_file(). One of the two should * reliably work in most environments */ if ( ! @copy($this->file_temp, $this->upload_path.$this->file_name)) @@ -336,7 +330,7 @@ class CI_Upload { /* * Set the finalized image dimensions * This sets the image width/height (assuming the - * file was an image). We use this information + * file was an image). We use this information * in the "data" function. */ $this->set_image_properties($this->upload_path.$this->file_name); @@ -356,22 +350,22 @@ class CI_Upload { */ public function data() { - return array ( - 'file_name' => $this->file_name, - 'file_type' => $this->file_type, - 'file_path' => $this->upload_path, - 'full_path' => $this->upload_path.$this->file_name, - 'raw_name' => str_replace($this->file_ext, '', $this->file_name), - 'orig_name' => $this->orig_name, - 'client_name' => $this->client_name, - 'file_ext' => $this->file_ext, - 'file_size' => $this->file_size, - 'is_image' => $this->is_image(), - 'image_width' => $this->image_width, - 'image_height' => $this->image_height, - 'image_type' => $this->image_type, - 'image_size_str' => $this->image_size_str, - ); + return array( + 'file_name' => $this->file_name, + 'file_type' => $this->file_type, + 'file_path' => $this->upload_path, + 'full_path' => $this->upload_path.$this->file_name, + 'raw_name' => str_replace($this->file_ext, '', $this->file_name), + 'orig_name' => $this->orig_name, + 'client_name' => $this->client_name, + 'file_ext' => $this->file_ext, + 'file_size' => $this->file_size, + 'is_image' => $this->is_image(), + 'image_width' => $this->image_width, + 'image_height' => $this->image_height, + 'image_type' => $this->image_type, + 'image_size_str' => $this->image_size_str, + ); } // -------------------------------------------------------------------- @@ -442,12 +436,12 @@ class CI_Upload { /** * Set Maximum File Size * - * @param integer + * @param int * @return void */ public function set_max_filesize($n) { - $this->max_size = ((int) $n < 0) ? 0: (int) $n; + $this->max_size = ((int) $n < 0) ? 0 : (int) $n; } // -------------------------------------------------------------------- @@ -455,12 +449,12 @@ class CI_Upload { /** * Set Maximum File Name Length * - * @param integer + * @param int * @return void */ public function set_max_filename($n) { - $this->max_filename = ((int) $n < 0) ? 0: (int) $n; + $this->max_filename = ((int) $n < 0) ? 0 : (int) $n; } // -------------------------------------------------------------------- @@ -468,12 +462,12 @@ class CI_Upload { /** * Set Maximum Image Width * - * @param integer + * @param int * @return void */ public function set_max_width($n) { - $this->max_width = ((int) $n < 0) ? 0: (int) $n; + $this->max_width = ((int) $n < 0) ? 0 : (int) $n; } // -------------------------------------------------------------------- @@ -481,12 +475,12 @@ class CI_Upload { /** * Set Maximum Image Height * - * @param integer + * @param int * @return void */ public function set_max_height($n) { - $this->max_height = ((int) $n < 0) ? 0: (int) $n; + $this->max_height = ((int) $n < 0) ? 0 : (int) $n; } // -------------------------------------------------------------------- @@ -499,7 +493,7 @@ class CI_Upload { */ public function set_allowed_types($types) { - if ( ! is_array($types) && $types == '*') + if ( ! is_array($types) && $types === '*') { $this->allowed_types = '*'; return; @@ -530,10 +524,10 @@ class CI_Upload { { $types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png'); - $this->image_width = $D['0']; - $this->image_height = $D['1']; - $this->image_type = ( ! isset($types[$D['2']])) ? 'unknown' : $types[$D['2']]; - $this->image_size_str = $D['3']; // string containing height and width + $this->image_width = $D[0]; + $this->image_height = $D[1]; + $this->image_type = isset($types[$D[2]]) ? $types[$D[2]] : 'unknown'; + $this->image_size_str = $D[3]; // string containing height and width } } } @@ -551,7 +545,7 @@ class CI_Upload { */ public function set_xss_clean($flag = FALSE) { - $this->xss_clean = ($flag == TRUE) ? TRUE : FALSE; + $this->xss_clean = ($flag == TRUE); } // -------------------------------------------------------------------- @@ -573,19 +567,14 @@ class CI_Upload { { $this->file_type = 'image/png'; } - - if (in_array($this->file_type, $jpeg_mimes)) + elseif (in_array($this->file_type, $jpeg_mimes)) { $this->file_type = 'image/jpeg'; } - $img_mimes = array( - 'image/gif', - 'image/jpeg', - 'image/png', - ); + $img_mimes = array('image/gif', 'image/jpeg', 'image/png'); - return (in_array($this->file_type, $img_mimes, TRUE)) ? TRUE : FALSE; + return in_array($this->file_type, $img_mimes, TRUE); } // -------------------------------------------------------------------- @@ -631,16 +620,13 @@ class CI_Upload { $mime = $this->mimes_types($ext); - if (is_array($mime)) + if (is_array($mime) && in_array($this->file_type, $mime, TRUE)) { - if (in_array($this->file_type, $mime, TRUE)) - { - return TRUE; - } + return TRUE; } elseif ($mime === $this->file_type) { - return TRUE; + return TRUE; } return FALSE; @@ -655,14 +641,7 @@ class CI_Upload { */ public function is_allowed_filesize() { - if ($this->max_size != 0 AND $this->file_size > $this->max_size) - { - return FALSE; - } - else - { - return TRUE; - } + return ($this->max_size == 0 OR $this->max_size > $this->file_size); } // -------------------------------------------------------------------- @@ -683,17 +662,15 @@ class CI_Upload { { $D = @getimagesize($this->file_temp); - if ($this->max_width > 0 AND $D['0'] > $this->max_width) + if ($this->max_width > 0 && $D[0] > $this->max_width) { return FALSE; } - if ($this->max_height > 0 AND $D['1'] > $this->max_height) + if ($this->max_height > 0 && $D[1] > $this->max_height) { return FALSE; } - - return TRUE; } return TRUE; @@ -706,7 +683,6 @@ class CI_Upload { * * Verifies that it is a valid upload path with proper permissions. * - * * @return bool */ public function validate_upload_path() @@ -717,9 +693,9 @@ class CI_Upload { return FALSE; } - if (function_exists('realpath') AND @realpath($this->upload_path) !== FALSE) + if (function_exists('realpath') && @realpath($this->upload_path) !== FALSE) { - $this->upload_path = str_replace("\\", "/", realpath($this->upload_path)); + $this->upload_path = str_replace('\\', '/', realpath($this->upload_path)); } if ( ! @is_dir($this->upload_path)) @@ -734,7 +710,7 @@ class CI_Upload { return FALSE; } - $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path); + $this->upload_path = preg_replace('/(.+?)\/*$/', '\\1/', $this->upload_path); return TRUE; } @@ -763,37 +739,31 @@ class CI_Upload { public function clean_file_name($filename) { $bad = array( - "", - "'", - "<", - ">", - '"', - '&', - '$', - '=', - ';', - '?', - '/', - "%20", - "%22", - "%3c", // < - "%253c", // < - "%3e", // > - "%0e", // > - "%28", // ( - "%29", // ) - "%2528", // ( - "%26", // & - "%24", // $ - "%3f", // ? - "%3b", // ; - "%3d" // = - ); - - $filename = str_replace($bad, '', $filename); - - return stripslashes($filename); + '', + "'", '"', + '<', '>', + '&', '$', + '=', + ';', + '?', + '/', + '%20', + '%22', + '%3c', // < + '%253c', // < + '%3e', // > + '%0e', // > + '%28', // ( + '%29', // ) + '%2528', // ( + '%26', // & + '%24', // $ + '%3f', // ? + '%3b', // ; + '%3d' // = + ); + + return stripslashes(str_replace($bad, '', $filename)); } // -------------------------------------------------------------------- @@ -847,7 +817,7 @@ class CI_Upload { $current = ini_get('memory_limit') * 1024 * 1024; // There was a bug/behavioural change in PHP 5.2, where numbers over one million get output - // into scientific notation. number_format() ensures this number is an integer + // into scientific notation. number_format() ensures this number is an integer // http://bugs.php.net/bug.php?id=43053 $new_memory = number_format(ceil(filesize($file) + $current), 0, '.', ''); @@ -857,8 +827,8 @@ class CI_Upload { // If the file being uploaded is an image, then we should have no problem with XSS attacks (in theory), but // IE can be fooled into mime-type detecting a malformed image as an html file, thus executing an XSS attack on anyone - // using IE who looks at the image. It does this by inspecting the first 255 bytes of an image. To get around this - // CI will itself look at the first 255 bytes of an image to determine its relative safety. This can save a lot of + // using IE who looks at the image. It does this by inspecting the first 255 bytes of an image. To get around this + // CI will itself look at the first 255 bytes of an image to determine its relative safety. This can save a lot of // processor power and time if it is actually a clean image, as it will be in nearly all instances _except_ an // attempted XSS attack. @@ -932,7 +902,7 @@ class CI_Upload { */ public function display_errors($open = '

', $close = '

') { - return (count($this->error_msg) > 0) ? $open . implode($close . $open, $this->error_msg) . $close : ''; + return (count($this->error_msg) > 0) ? $open.implode($close.$open, $this->error_msg).$close : ''; } // -------------------------------------------------------------------- @@ -940,7 +910,7 @@ class CI_Upload { /** * List of Mime Types * - * This is a list of mime types. We use it to validate + * This is a list of mime types. We use it to validate * the "allowed types" set by the developer * * @param string @@ -952,7 +922,7 @@ class CI_Upload { if (count($this->mimes) == 0) { - if (defined('ENVIRONMENT') AND is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) + if (defined('ENVIRONMENT') && is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) { include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'); } @@ -966,10 +936,9 @@ class CI_Upload { } $this->mimes = $mimes; - unset($mimes); } - return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime]; + return isset($this->mimes[$mime]) ? $this->mimes[$mime] : FALSE; } // -------------------------------------------------------------------- @@ -1006,9 +975,7 @@ class CI_Upload { } } - $filename .= '.'.$ext; - - return $filename; + return $filename.'.'.$ext; } // -------------------------------------------------------------------- @@ -1129,10 +1096,7 @@ class CI_Upload { $this->file_type = $file['type']; } - // -------------------------------------------------------------------- - } -// END Upload Class /* End of file Upload.php */ -/* Location: ./system/libraries/Upload.php */ +/* Location: ./system/libraries/Upload.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From bb2c83bddbf51c42815be3de60eab24fd87ae392 Mon Sep 17 00:00:00 2001 From: Wes Baker Date: Fri, 4 May 2012 18:44:24 -0400 Subject: Added a return false if an image doesn't pass XSS cleaning to prevent file_get_contents from returning a NULL and passing through unscathed. --- system/libraries/Upload.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 8ad67050d..4a4a66f73 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -850,6 +850,10 @@ class CI_Upload { { return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good } + else + { + return FALSE; + } } if (($data = @file_get_contents($file)) === FALSE) @@ -1099,4 +1103,4 @@ class CI_Upload { } /* End of file Upload.php */ -/* Location: ./system/libraries/Upload.php */ \ No newline at end of file +/* Location: ./system/libraries/Upload.php */ -- cgit v1.2.3-24-g4f1b From 46d53fb8799eb2f84798f0e7a5f57b065c2482e2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 11 May 2012 13:42:24 +0300 Subject: Fix issue #1349 --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 4a4a66f73..24d4bd4d0 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -725,7 +725,7 @@ class CI_Upload { public function get_extension($filename) { $x = explode('.', $filename); - return '.'.end($x); + return (count($x) !== 1) ? '.'.end($x) : ''; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 5645479c622eb36cf9869797896dc0921568c4a9 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 17 May 2012 14:32:19 +0300 Subject: Clean up the libraries --- system/libraries/Upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 24d4bd4d0..271c6d21f 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1036,7 +1036,7 @@ class CI_Upload { */ if (DIRECTORY_SEPARATOR !== '\\') { - $cmd = 'file --brief --mime ' . escapeshellarg($file['tmp_name']) . ' 2>&1'; + $cmd = 'file --brief --mime '.escapeshellarg($file['tmp_name']).' 2>&1'; if (function_exists('exec')) { @@ -1103,4 +1103,4 @@ class CI_Upload { } /* End of file Upload.php */ -/* Location: ./system/libraries/Upload.php */ +/* Location: ./system/libraries/Upload.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 470805b12a8a25faddc9caafe573c15dbd89f8ed Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 24 May 2012 21:57:21 +0300 Subject: Fix issues #44 & #110 --- system/libraries/Upload.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 271c6d21f..7456e922a 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -747,6 +747,8 @@ class CI_Upload { ';', '?', '/', + '!', + '#', '%20', '%22', '%3c', // < -- cgit v1.2.3-24-g4f1b From d261b1e89c3d4d5191036d5a5660ef6764e593a0 Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Sat, 2 Jun 2012 11:12:16 +0100 Subject: Replaced `==` with `===` and `!=` with `!==` in /system/libraries --- system/libraries/Upload.php | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 7456e922a..e4cc54b21 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -223,7 +223,7 @@ class CI_Upload { } // if we're overriding, let's now make sure the new name and type is allowed - if ($this->_file_name_override != '') + if ($this->_file_name_override !== '') { $this->file_name = $this->_prep_filename($this->_file_name_override); @@ -276,7 +276,7 @@ class CI_Upload { } // Remove white spaces in the name - if ($this->remove_spaces == TRUE) + if ($this->remove_spaces === TRUE) { $this->file_name = preg_replace('/\s+/', '_', $this->file_name); } @@ -289,7 +289,7 @@ class CI_Upload { */ $this->orig_name = $this->file_name; - if ($this->overwrite == FALSE) + if ($this->overwrite === FALSE) { $this->file_name = $this->set_filename($this->upload_path, $this->file_name); @@ -397,7 +397,7 @@ class CI_Upload { */ public function set_filename($path, $filename) { - if ($this->encrypt_name == TRUE) + if ($this->encrypt_name === TRUE) { mt_srand(); $filename = md5(uniqid(mt_rand())).$this->file_ext; @@ -420,7 +420,7 @@ class CI_Upload { } } - if ($new_filename == '') + if ($new_filename === '') { $this->set_error('upload_bad_filename'); return FALSE; @@ -545,7 +545,7 @@ class CI_Upload { */ public function set_xss_clean($flag = FALSE) { - $this->xss_clean = ($flag == TRUE); + $this->xss_clean = ($flag === TRUE); } // -------------------------------------------------------------------- @@ -641,7 +641,7 @@ class CI_Upload { */ public function is_allowed_filesize() { - return ($this->max_size == 0 OR $this->max_size > $this->file_size); + return ($this->max_size === 0 OR $this->max_size > $this->file_size); } // -------------------------------------------------------------------- @@ -687,7 +687,7 @@ class CI_Upload { */ public function validate_upload_path() { - if ($this->upload_path == '') + if ($this->upload_path === '') { $this->set_error('upload_no_filepath'); return FALSE; @@ -809,12 +809,12 @@ class CI_Upload { { $file = $this->file_temp; - if (filesize($file) == 0) + if (filesize($file) === 0) { return FALSE; } - if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit') != '') + if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit') !== '') { $current = ini_get('memory_limit') * 1024 * 1024; @@ -884,14 +884,14 @@ class CI_Upload { { foreach ($msg as $val) { - $msg = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val); + $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val); $this->error_msg[] = $msg; log_message('error', $msg); } } else { - $msg = ($CI->lang->line($msg) == FALSE) ? $msg : $CI->lang->line($msg); + $msg = ($CI->lang->line($msg) === FALSE) ? $msg : $CI->lang->line($msg); $this->error_msg[] = $msg; log_message('error', $msg); } @@ -926,7 +926,7 @@ class CI_Upload { { global $mimes; - if (count($this->mimes) == 0) + if (count($this->mimes) === 0) { if (defined('ENVIRONMENT') && is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) { @@ -960,7 +960,7 @@ class CI_Upload { */ protected function _prep_filename($filename) { - if (strpos($filename, '.') === FALSE OR $this->allowed_types == '*') + if (strpos($filename, '.') === FALSE OR $this->allowed_types === '*') { return $filename; } -- cgit v1.2.3-24-g4f1b From 5036c9caabb12f90b9533d7fb417610e02a652ff Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 4 Jun 2012 15:34:56 +0300 Subject: Revert/optimize some changes from 773ccc318f2769c9b7579630569b5d8ba47b114b and d261b1e89c3d4d5191036d5a5660ef6764e593a0 --- system/libraries/Upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index e4cc54b21..bd97a611b 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -809,12 +809,12 @@ class CI_Upload { { $file = $this->file_temp; - if (filesize($file) === 0) + if (filesize($file) == 0) { return FALSE; } - if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit') !== '') + if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit')) { $current = ini_get('memory_limit') * 1024 * 1024; -- cgit v1.2.3-24-g4f1b From 39b1c11f5976104dce30fe83e1d3c6f9ed616122 Mon Sep 17 00:00:00 2001 From: Phil Sturgeon Date: Mon, 4 Jun 2012 16:51:14 -0500 Subject: Direct return from mimes config, instead of using global $mimes; Global variables are generally a terrible idea, especially for something as simple as this. The mimes.php now returns an array instead of just injecting a variable name into the global namespace. --- system/libraries/Upload.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index bd97a611b..e31029e49 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -930,18 +930,16 @@ class CI_Upload { { if (defined('ENVIRONMENT') && is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) { - include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'); + $this->mimes = include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'); } elseif (is_file(APPPATH.'config/mimes.php')) { - include(APPPATH.'config/mimes.php'); + $this->mimes = include(APPPATH.'config/mimes.php'); } else { return FALSE; } - - $this->mimes = $mimes; } return isset($this->mimes[$mime]) ? $this->mimes[$mime] : FALSE; -- cgit v1.2.3-24-g4f1b From 6ef498b49946ba74d610b3805fb908b163a7f03a Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 5 Jun 2012 22:01:58 +0300 Subject: Added get_mimes() function to system/core/Commons.php.The MIMEs array from config/mimes.php is used by multiple core classes, libraries and helpers and each of them has implemented an own way of getting it, which is not needed and is hard to maintain. This also fixes issue #1411 --- system/libraries/Upload.php | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index e31029e49..c1e07de7a 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -78,6 +78,8 @@ class CI_Upload { $this->initialize($props); } + $this->mimes =& get_mimes(); + log_message('debug', 'Upload Class Initialized'); } @@ -113,7 +115,6 @@ class CI_Upload { 'image_type' => '', 'image_size_str' => '', 'error_msg' => array(), - 'mimes' => array(), 'remove_spaces' => TRUE, 'xss_clean' => FALSE, 'temp_prefix' => 'temp_file_', @@ -924,24 +925,6 @@ class CI_Upload { */ public function mimes_types($mime) { - global $mimes; - - if (count($this->mimes) === 0) - { - if (defined('ENVIRONMENT') && is_file(APPPATH.'config/'.ENVIRONMENT.'/mimes.php')) - { - $this->mimes = include(APPPATH.'config/'.ENVIRONMENT.'/mimes.php'); - } - elseif (is_file(APPPATH.'config/mimes.php')) - { - $this->mimes = include(APPPATH.'config/mimes.php'); - } - else - { - return FALSE; - } - } - return isset($this->mimes[$mime]) ? $this->mimes[$mime] : FALSE; } -- cgit v1.2.3-24-g4f1b From c839d28f4230dce0c658338f267b821cc16490a2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 7 Jun 2012 14:35:27 +0300 Subject: Remove some unnecessary function_exists() checks and some minor improvements --- system/libraries/Upload.php | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index c1e07de7a..1f6aeeb6b 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -694,7 +694,7 @@ class CI_Upload { return FALSE; } - if (function_exists('realpath') && @realpath($this->upload_path) !== FALSE) + if (@realpath($this->upload_path) !== FALSE) { $this->upload_path = str_replace('\\', '/', realpath($this->upload_path)); } @@ -815,17 +815,17 @@ class CI_Upload { return FALSE; } - if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit')) + if (memory_get_usage() && ($memory_limit = ini_get('memory_limit'))) { - $current = ini_get('memory_limit') * 1024 * 1024; + $memory_limit *= 1024 * 1024; // There was a bug/behavioural change in PHP 5.2, where numbers over one million get output // into scientific notation. number_format() ensures this number is an integer // http://bugs.php.net/bug.php?id=43053 - $new_memory = number_format(ceil(filesize($file) + $current), 0, '.', ''); + $memory_limit = number_format(ceil(filesize($file) + $memory_limit), 0, '.', ''); - ini_set('memory_limit', $new_memory); // When an integer is used, the value is measured in bytes. - PHP.net + ini_set('memory_limit', $memory_limit); // When an integer is used, the value is measured in bytes. - PHP.net } // If the file being uploaded is an image, then we should have no problem with XSS attacks (in theory), but @@ -849,14 +849,8 @@ class CI_Upload { // ]/i', $opening_bytes)) - { - return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good - } - else - { - return FALSE; - } + // if its an image or no "triggers" detected in the first 256 bytes - we're good + return ! preg_match('/<(a|body|head|html|img|plaintext|pre|script|table|title)[\s>]/i', $opening_bytes); } if (($data = @file_get_contents($file)) === FALSE) -- cgit v1.2.3-24-g4f1b From dca9f23d2d24ccf412d239693d2d156a8ee7fabe Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Mon, 11 Jun 2012 09:17:14 +0200 Subject: get upload data with index key --- system/libraries/Upload.php | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 1f6aeeb6b..e422edb6c 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -347,26 +347,34 @@ class CI_Upload { * Returns an associative array containing all of the information * related to the upload, allowing the developer easy access in one array. * + * @param string * @return array */ - public function data() + public function data($index = NULL) { - return array( - 'file_name' => $this->file_name, - 'file_type' => $this->file_type, - 'file_path' => $this->upload_path, - 'full_path' => $this->upload_path.$this->file_name, - 'raw_name' => str_replace($this->file_ext, '', $this->file_name), - 'orig_name' => $this->orig_name, + $data = array( + 'file_name' => $this->file_name, + 'file_type' => $this->file_type, + 'file_path' => $this->upload_path, + 'full_path' => $this->upload_path.$this->file_name, + 'raw_name' => str_replace($this->file_ext, '', $this->file_name), + 'orig_name' => $this->orig_name, 'client_name' => $this->client_name, - 'file_ext' => $this->file_ext, - 'file_size' => $this->file_size, - 'is_image' => $this->is_image(), + 'file_ext' => $this->file_ext, + 'file_size' => $this->file_size, + 'is_image' => $this->is_image(), 'image_width' => $this->image_width, 'image_height' => $this->image_height, 'image_type' => $this->image_type, 'image_size_str' => $this->image_size_str, ); + + if ($index === NULL OR ! isset($data[$index])) + { + return $data; + } + + return $data[$index]; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 3a7fb04fec6d5a389b8ab40b32403c9db0c40389 Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Mon, 11 Jun 2012 09:29:16 +0200 Subject: tab fixes --- system/libraries/Upload.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index e422edb6c..287e28106 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -353,16 +353,16 @@ class CI_Upload { public function data($index = NULL) { $data = array( - 'file_name' => $this->file_name, - 'file_type' => $this->file_type, - 'file_path' => $this->upload_path, - 'full_path' => $this->upload_path.$this->file_name, - 'raw_name' => str_replace($this->file_ext, '', $this->file_name), - 'orig_name' => $this->orig_name, + 'file_name' => $this->file_name, + 'file_type' => $this->file_type, + 'file_path' => $this->upload_path, + 'full_path' => $this->upload_path.$this->file_name, + 'raw_name' => str_replace($this->file_ext, '', $this->file_name), + 'orig_name' => $this->orig_name, 'client_name' => $this->client_name, - 'file_ext' => $this->file_ext, - 'file_size' => $this->file_size, - 'is_image' => $this->is_image(), + 'file_ext' => $this->file_ext, + 'file_size' => $this->file_size, + 'is_image' => $this->is_image(), 'image_width' => $this->image_width, 'image_height' => $this->image_height, 'image_type' => $this->image_type, -- cgit v1.2.3-24-g4f1b From 46a0429a02bdf9dcf63c44c3f344417a1e9a5f0f Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Mon, 11 Jun 2012 10:37:52 +0200 Subject: fixes --- system/libraries/Upload.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 287e28106..b1d6ad6ca 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -369,12 +369,12 @@ class CI_Upload { 'image_size_str' => $this->image_size_str, ); - if ($index === NULL OR ! isset($data[$index])) + if ( ! empty($index)) { - return $data; + return isset($data[$index]) ? $data[$index] : NULL; } - return $data[$index]; + return $data; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 0ee287ea08de5f3098a27230dcd8ca242b2eb793 Mon Sep 17 00:00:00 2001 From: Michiel Vugteveen Date: Mon, 11 Jun 2012 10:38:14 +0200 Subject: fixes --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index b1d6ad6ca..c96daaf15 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -348,7 +348,7 @@ class CI_Upload { * related to the upload, allowing the developer easy access in one array. * * @param string - * @return array + * @return mixed */ public function data($index = NULL) { -- cgit v1.2.3-24-g4f1b From d60e700640c2a67f74acff090b94d06117bfc203 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sun, 17 Jun 2012 00:03:03 +0300 Subject: Add an option to disable MIME detection in the Upload library (issue #1494) --- system/libraries/Upload.php | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index c96daaf15..d381440cd 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -59,6 +59,7 @@ class CI_Upload { public $error_msg = array(); public $mimes = array(); public $remove_spaces = TRUE; + public $detect_mime = TRUE; public $xss_clean = FALSE; public $temp_prefix = 'temp_file_'; public $client_name = ''; @@ -116,6 +117,7 @@ class CI_Upload { 'image_size_str' => '', 'error_msg' => array(), 'remove_spaces' => TRUE, + 'detect_mime' => TRUE, 'xss_clean' => FALSE, 'temp_prefix' => 'temp_file_', 'client_name' => '' @@ -209,7 +211,13 @@ class CI_Upload { // Set the uploaded data as class variables $this->file_temp = $_FILES[$field]['tmp_name']; $this->file_size = $_FILES[$field]['size']; - $this->_file_mime_type($_FILES[$field]); + + // Skip MIME type detection? + if ($this->detect_mime !== FALSE) + { + $this->_file_mime_type($_FILES[$field]); + } + $this->file_type = preg_replace('/^(.+?);.*$/', '\\1', $this->file_type); $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); $this->file_name = $this->_prep_filename($_FILES[$field]['name']); @@ -990,7 +998,7 @@ class CI_Upload { */ if (function_exists('finfo_file')) { - $finfo = finfo_open(FILEINFO_MIME); + $finfo = @finfo_open(FILEINFO_MIME); if (is_resource($finfo)) // It is possible that a FALSE value is returned, if there is no magic MIME database file found on the system { $mime = @finfo_file($finfo, $file['tmp_name']); @@ -1021,7 +1029,9 @@ class CI_Upload { */ if (DIRECTORY_SEPARATOR !== '\\') { - $cmd = 'file --brief --mime '.escapeshellarg($file['tmp_name']).' 2>&1'; + $cmd = function_exists('escapeshellarg') + ? 'file --brief --mime '.escapeshellarg($file['tmp_name']).' 2>&1' + : 'file --brief --mime '.$file['tmp_name'].' 2>&1'; if (function_exists('exec')) { -- cgit v1.2.3-24-g4f1b From 5fd3ae8d33a4f5d3159b86683b9a670e973a63f5 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 24 Oct 2012 14:55:35 +0300 Subject: [ci skip] style and phpdoc-related changes (rel #1295) --- system/libraries/Upload.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index d381440cd..76bbc244e 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -154,6 +154,7 @@ class CI_Upload { /** * Perform the file upload * + * @param string $field = 'userfile' * @return bool */ public function do_upload($field = 'userfile') @@ -790,7 +791,8 @@ class CI_Upload { /** * Limit the File Name Length * - * @param string + * @param string $filename + * @param int $length * @return string */ public function limit_filename_length($filename, $length) -- cgit v1.2.3-24-g4f1b From c5536aac5752054f7f76e448d58b86407d8f574e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 1 Nov 2012 17:33:58 +0200 Subject: Manually apply PR #1594 (fixing phpdoc page-level generation/warnings) Also partially fixes issue #1295, fixes inconsistencies in some page-level docblocks and adds include checks in language files. --- system/libraries/Upload.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 76bbc244e..f8c712297 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1,4 +1,4 @@ - Date: Fri, 2 Nov 2012 00:17:39 +0200 Subject: [ci skip] DocBlocks for Upload and Xmlrpc libraries Partially fixes issue #1295 --- system/libraries/Upload.php | 234 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 203 insertions(+), 31 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index f8c712297..013644963 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -37,40 +37,210 @@ defined('BASEPATH') OR exit('No direct script access allowed'); */ class CI_Upload { + /** + * Maximum file size + * + * @var int + */ public $max_size = 0; + + /** + * Maximum image width + * + * @var int + */ public $max_width = 0; + + /** + * Maximum image height + * + * @var int + */ public $max_height = 0; + + /** + * Maximum filename length + * + * @var int + */ public $max_filename = 0; + + /** + * Maximum duplicate filename increment ID + * + * @var int + */ public $max_filename_increment = 100; + + /** + * Allowed file types + * + * @var string + */ public $allowed_types = ''; + + /** + * Temporary filename + * + * @var string + */ public $file_temp = ''; + + /** + * Filename + * + * @var string + */ public $file_name = ''; + + /** + * Original filename + * + * @var string + */ public $orig_name = ''; + + /** + * File type + * + * @var string + */ public $file_type = ''; - public $file_size = ''; + + /** + * File size + * + * @var int + */ + public $file_size = NULL; + + /** + * Filename extension + * + * @var string + */ public $file_ext = ''; + + /** + * Upload path + * + * @var string + */ public $upload_path = ''; + + /** + * Overwrite flag + * + * @var bool + */ public $overwrite = FALSE; + + /** + * Obfuscate filename flag + * + * @var bool + */ public $encrypt_name = FALSE; + + /** + * Is image flag + * + * @var bool + */ public $is_image = FALSE; - public $image_width = ''; - public $image_height = ''; + + /** + * Image width + * + * @var int + */ + public $image_width = NULL; + + /** + * Image height + * + * @var int + */ + public $image_height = NULL; + + /** + * Image type + * + * @var string + */ public $image_type = ''; + + /** + * Image size string + * + * @var string + */ public $image_size_str = ''; + + /** + * Error messages list + * + * @var array + */ public $error_msg = array(); + + /** + * MIME types list + * + * @var array + */ public $mimes = array(); + + /** + * Remove spaces flag + * + * @var bool + */ public $remove_spaces = TRUE; + + /** + * MIME detection flag + * + * @var bool + */ public $detect_mime = TRUE; + + /** + * XSS filter flag + * + * @var bool + */ public $xss_clean = FALSE; + + /** + * Temporary filename prefix + * + * @var string + */ public $temp_prefix = 'temp_file_'; + + /** + * Filename sent by the client + * + * @var bool + */ public $client_name = ''; + // -------------------------------------------------------------------- + + /** + * Filename override + * + * @var string + */ protected $_file_name_override = ''; + // -------------------------------------------------------------------- + /** * Constructor * - * @param array + * @param array $props * @return void */ public function __construct($props = array()) @@ -90,7 +260,7 @@ class CI_Upload { /** * Initialize preferences * - * @param array + * @param array $config * @return void */ public function initialize($config = array()) @@ -106,14 +276,14 @@ class CI_Upload { 'file_name' => '', 'orig_name' => '', 'file_type' => '', - 'file_size' => '', + 'file_size' => NULL, 'file_ext' => '', 'upload_path' => '', 'overwrite' => FALSE, 'encrypt_name' => FALSE, 'is_image' => FALSE, - 'image_width' => '', - 'image_height' => '', + 'image_width' => NULL, + 'image_height' => NULL, 'image_type' => '', 'image_size_str' => '', 'error_msg' => array(), @@ -155,7 +325,7 @@ class CI_Upload { /** * Perform the file upload * - * @param string $field = 'userfile' + * @param string $field * @return bool */ public function do_upload($field = 'userfile') @@ -357,7 +527,7 @@ class CI_Upload { * Returns an associative array containing all of the information * related to the upload, allowing the developer easy access in one array. * - * @param string + * @param string $index * @return mixed */ public function data($index = NULL) @@ -392,7 +562,7 @@ class CI_Upload { /** * Set Upload Path * - * @param string + * @param string $path * @return void */ public function set_upload_path($path) @@ -410,8 +580,8 @@ class CI_Upload { * existence of a file with the same name. If found, it will append a * number to the end of the filename to avoid overwriting a pre-existing file. * - * @param string - * @param string + * @param string $path + * @param string $filename * @return string */ public function set_filename($path, $filename) @@ -455,7 +625,7 @@ class CI_Upload { /** * Set Maximum File Size * - * @param int + * @param int $n * @return void */ public function set_max_filesize($n) @@ -468,7 +638,7 @@ class CI_Upload { /** * Set Maximum File Name Length * - * @param int + * @param int $n * @return void */ public function set_max_filename($n) @@ -481,7 +651,7 @@ class CI_Upload { /** * Set Maximum Image Width * - * @param int + * @param int $n * @return void */ public function set_max_width($n) @@ -494,7 +664,7 @@ class CI_Upload { /** * Set Maximum Image Height * - * @param int + * @param int $n * @return void */ public function set_max_height($n) @@ -507,7 +677,7 @@ class CI_Upload { /** * Set Allowed File Types * - * @param string + * @param string $types * @return void */ public function set_allowed_types($types) @@ -527,7 +697,7 @@ class CI_Upload { * * Uses GD to determine the width/height/type of image * - * @param string + * @param string $path * @return void */ public function set_image_properties($path = '') @@ -559,7 +729,7 @@ class CI_Upload { * Enables the XSS flag so that the file that was uploaded * will be run through the XSS filter. * - * @param bool + * @param bool $flag * @return void */ public function set_xss_clean($flag = FALSE) @@ -601,7 +771,7 @@ class CI_Upload { /** * Verify that the filetype is allowed * - * @param bool + * @param bool $ignore_mime * @return bool */ public function is_allowed_filetype($ignore_mime = FALSE) @@ -738,7 +908,7 @@ class CI_Upload { /** * Extract the file extension * - * @param string + * @param string $filename * @return string */ public function get_extension($filename) @@ -752,7 +922,7 @@ class CI_Upload { /** * Clean the file name for security * - * @param string + * @param string $filename * @return string */ public function clean_file_name($filename) @@ -886,7 +1056,7 @@ class CI_Upload { /** * Set an error message * - * @param string + * @param string $msg * @return void */ public function set_error($msg) @@ -916,8 +1086,8 @@ class CI_Upload { /** * Display the error message * - * @param string - * @param string + * @param string $open + * @param string $close * @return string */ public function display_errors($open = '

', $close = '

') @@ -933,7 +1103,7 @@ class CI_Upload { * This is a list of mime types. We use it to validate * the "allowed types" set by the developer * - * @param string + * @param string $mime * @return string */ public function mimes_types($mime) @@ -946,10 +1116,12 @@ class CI_Upload { /** * Prep Filename * - * Prevents possible script execution from Apache's handling of files multiple extensions - * http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext + * Prevents possible script execution from Apache's handling + * of files' multiple extensions. + * + * @link http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext * - * @param string + * @param string $filename * @return string */ protected function _prep_filename($filename) @@ -986,7 +1158,7 @@ class CI_Upload { * Detects the (actual) MIME type of the uploaded file, if possible. * The input array is expected to be $_FILES[$field] * - * @param array + * @param array $file * @return void */ protected function _file_mime_type($file) -- cgit v1.2.3-24-g4f1b From e9d2dc85b9cb255aae235635576972e4b7dbd5a8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 7 Nov 2012 14:23:29 +0200 Subject: Added function_usable() to common functions It is now used to check whether dangerous functions like eval() and exec() are available. It appears that the Suhosin extension (which is becoming popular) terminates script execution instead of returning e.g. FALSE when it has a function blacklisted. function_exists() checks are insufficient and our only option is to check the ini settings here. Filed an issue here: https://github.com/stefanesser/suhosin/issues/18 ... hopefully we'll be able to deal with this in a more elegant way in the future. (this commit supersedes PR #1809) --- system/libraries/Upload.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 013644963..b3e9f7515 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1208,7 +1208,7 @@ class CI_Upload { ? 'file --brief --mime '.escapeshellarg($file['tmp_name']).' 2>&1' : 'file --brief --mime '.$file['tmp_name'].' 2>&1'; - if (function_exists('exec')) + if (function_usable('exec')) { /* This might look confusing, as $mime is being populated with all of the output when set in the second parameter. * However, we only neeed the last line, which is the actual return value of exec(), and as such - it overwrites @@ -1223,7 +1223,7 @@ class CI_Upload { } } - if ( (bool) @ini_get('safe_mode') === FALSE && function_exists('shell_exec')) + if ( (bool) @ini_get('safe_mode') === FALSE && function_usable('shell_exec')) { $mime = @shell_exec($cmd); if (strlen($mime) > 0) @@ -1237,7 +1237,7 @@ class CI_Upload { } } - if (function_exists('popen')) + if (function_usable('popen')) { $proc = @popen($cmd, 'r'); if (is_resource($proc)) -- cgit v1.2.3-24-g4f1b From 838a9d69a9139b6bcd6f8765fdd2d58b929e70ad Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 3 Dec 2012 14:37:47 +0200 Subject: [ci skip] Cleaned some spaces --- system/libraries/Upload.php | 1 - 1 file changed, 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index b3e9f7515..5d163fb77 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -294,7 +294,6 @@ class CI_Upload { 'client_name' => '' ); - foreach ($defaults as $key => $val) { if (isset($config[$key])) -- cgit v1.2.3-24-g4f1b From 05aa2d653a76b086a909739b2c9386289aa2e0fb Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 3 Dec 2012 16:06:55 +0200 Subject: Add min_width and min_height options to the Upload class (manually implementing outdated PR #636) --- system/libraries/Upload.php | 52 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 5d163fb77..4f65c9eb1 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -58,6 +58,20 @@ class CI_Upload { */ public $max_height = 0; + /** + * Minimum image width + * + * @var int + */ + public $min_width = 0; + + /** + * Minimum image height + * + * @var int + */ + public $min_height = 0; + /** * Maximum filename length * @@ -269,6 +283,8 @@ class CI_Upload { 'max_size' => 0, 'max_width' => 0, 'max_height' => 0, + 'min_width' => 0, + 'min_height' => 0, 'max_filename' => 0, 'max_filename_increment' => 100, 'allowed_types' => '', @@ -673,6 +689,32 @@ class CI_Upload { // -------------------------------------------------------------------- + /** + * Set minimum image width + * + * @param int $n + * @return void + */ + public function set_min_width($n) + { + $this->min_width = ((int) $n < 0) ? 0 : (int) $n; + } + + // -------------------------------------------------------------------- + + /** + * Set minimum image height + * + * @param int $n + * @return void + */ + public function set_min_height($n) + { + $this->min_height = ((int) $n < 0) ? 0 : (int) $n; + } + + // -------------------------------------------------------------------- + /** * Set Allowed File Types * @@ -859,6 +901,16 @@ class CI_Upload { { return FALSE; } + + if ($this->min_width > 0 && $D[0] < $this->min_width) + { + return FALSE; + } + + if ($this->min_height > 0 && $D[1] < $this->min_height) + { + return FALSE; + } } return TRUE; -- cgit v1.2.3-24-g4f1b From 80500afbd188600212ca913a7bac073009feac73 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 1 Jan 2013 08:16:53 +0200 Subject: [ci skip] Happy new year --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 4f65c9eb1..96bb17edc 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2012, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 -- cgit v1.2.3-24-g4f1b From 009c8f09fbe767b01453f32b28f8a8a8dd4ef7c5 Mon Sep 17 00:00:00 2001 From: gommarah Date: Mon, 28 Jan 2013 13:45:50 +0200 Subject: Upload library, clean_file_name function: Fix xss bug. For example: If you clear this string "%%3f3f" according to the $bad array will fail. The result will be "%3f" Because str_replace() replaces left to right. Signed-off-by: xeptor --- system/libraries/Upload.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 96bb17edc..86c93411e 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1005,6 +1005,13 @@ class CI_Upload { '%3d' // = ); + do + { + $old_filename = $filename; + $filename = str_replace($bad, '', $filename); + } + while ($old_filename !== $filename); + return stripslashes(str_replace($bad, '', $filename)); } -- cgit v1.2.3-24-g4f1b From 9be4cd74db158d805e0bc04c48c52a6453337c1d Mon Sep 17 00:00:00 2001 From: gommarah Date: Mon, 28 Jan 2013 13:58:35 +0200 Subject: Remove str_replace in return --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 86c93411e..1f0bd6a6e 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1012,7 +1012,7 @@ class CI_Upload { } while ($old_filename !== $filename); - return stripslashes(str_replace($bad, '', $filename)); + return stripslashes($filename); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 7e5597782a589e4171ca08abdd9ce1a185542ff4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 29 Jan 2013 15:38:33 +0200 Subject: Replace CI_Upload::clean_file_name() usage with CI_Security::sanitize_filename() Also applied @xeptor's fix (a big thanks) to the sanitize_filename() method and added a changelog entry for it - fixes issue #73. --- system/libraries/Upload.php | 50 ++------------------------------------------- 1 file changed, 2 insertions(+), 48 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 1f0bd6a6e..814ea68a4 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -463,7 +463,8 @@ class CI_Upload { } // Sanitize the file name for security - $this->file_name = $this->clean_file_name($this->file_name); + $CI =& get_instance(); + $this->file_name = $CI->security->sanitize_filename($this->file_name); // Truncate the file name if it's too long if ($this->max_filename > 0) @@ -970,53 +971,6 @@ class CI_Upload { // -------------------------------------------------------------------- - /** - * Clean the file name for security - * - * @param string $filename - * @return string - */ - public function clean_file_name($filename) - { - $bad = array( - '', - "'", '"', - '<', '>', - '&', '$', - '=', - ';', - '?', - '/', - '!', - '#', - '%20', - '%22', - '%3c', // < - '%253c', // < - '%3e', // > - '%0e', // > - '%28', // ( - '%29', // ) - '%2528', // ( - '%26', // & - '%24', // $ - '%3f', // ? - '%3b', // ; - '%3d' // = - ); - - do - { - $old_filename = $filename; - $filename = str_replace($bad, '', $filename); - } - while ($old_filename !== $filename); - - return stripslashes($filename); - } - - // -------------------------------------------------------------------- - /** * Limit the File Name Length * -- cgit v1.2.3-24-g4f1b From 3567246091195e035ea4c8d3b2915eb6b45ad5e2 Mon Sep 17 00:00:00 2001 From: vlakoff Date: Fri, 15 Feb 2013 01:36:04 +0100 Subject: Various cosmetic fixes --- system/libraries/Upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 814ea68a4..acd76b03b 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -430,7 +430,7 @@ class CI_Upload { } else { - // An extension was provided, lets have it! + // An extension was provided, let's have it! $this->file_ext = $this->get_extension($this->_file_name_override); } @@ -1050,7 +1050,7 @@ class CI_Upload { // ]/i', $opening_bytes); } -- cgit v1.2.3-24-g4f1b From f399425bacfa461a77be2e841c3c1f48f9241c4a Mon Sep 17 00:00:00 2001 From: vlakoff Date: Tue, 19 Feb 2013 01:45:23 +0100 Subject: Fix a code comment in Upload->_file_mime_type() Availability of dangerous functions is now tested using function_usable(). --- system/libraries/Upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index acd76b03b..1c14f99ed 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1212,7 +1212,7 @@ class CI_Upload { * Notes: * - the DIRECTORY_SEPARATOR comparison ensures that we're not on a Windows system * - many system admins would disable the exec(), shell_exec(), popen() and similar functions - * due to security concerns, hence the function_exists() checks + * due to security concerns, hence the function_usable() checks */ if (DIRECTORY_SEPARATOR !== '\\') { @@ -1223,7 +1223,7 @@ class CI_Upload { if (function_usable('exec')) { /* This might look confusing, as $mime is being populated with all of the output when set in the second parameter. - * However, we only neeed the last line, which is the actual return value of exec(), and as such - it overwrites + * However, we only need the last line, which is the actual return value of exec(), and as such - it overwrites * anything that could already be set for $mime previously. This effectively makes the second parameter a dummy * value, which is only put to allow us to get the return status code. */ -- cgit v1.2.3-24-g4f1b From 0612756dd37a3472259a19814e1a9bb403ab6e11 Mon Sep 17 00:00:00 2001 From: vlakoff Date: Sat, 30 Mar 2013 00:06:39 +0100 Subject: Some cleanup related to mt_rand() - min and max values are 0 and mt_getrandmax() by default - remove useless mt_srand() seed calls --- system/libraries/Upload.php | 1 - 1 file changed, 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 1c14f99ed..1fe49d8a6 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -604,7 +604,6 @@ class CI_Upload { { if ($this->encrypt_name === TRUE) { - mt_srand(); $filename = md5(uniqid(mt_rand())).$this->file_ext; } -- cgit v1.2.3-24-g4f1b From e123a6046a4c8447a2221c9ed8279848d5cc672b Mon Sep 17 00:00:00 2001 From: Darren Benney Date: Sat, 30 Mar 2013 18:17:54 +0000 Subject: Modified do_upload() to use UPLOAD_ERR constants. Modified switchcase in the do_upload() use the UPLOAD_ERR_* constants, instead of just using an integer, and then commenting out the constant beside it. --- system/libraries/Upload.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 1c14f99ed..0c6b7e6a5 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -366,25 +366,25 @@ class CI_Upload { switch ($error) { - case 1: // UPLOAD_ERR_INI_SIZE + case UPLOAD_ERR_INI_SIZE: $this->set_error('upload_file_exceeds_limit'); break; - case 2: // UPLOAD_ERR_FORM_SIZE + case UPLOAD_ERR_FORM_SIZE: $this->set_error('upload_file_exceeds_form_limit'); break; - case 3: // UPLOAD_ERR_PARTIAL + case UPLOAD_ERR_PARTIAL: $this->set_error('upload_file_partial'); break; - case 4: // UPLOAD_ERR_NO_FILE + case UPLOAD_ERR_NO_FILE: $this->set_error('upload_no_file_selected'); break; - case 6: // UPLOAD_ERR_NO_TMP_DIR + case UPLOAD_ERR_NO_TMP_DIR: $this->set_error('upload_no_temp_directory'); break; - case 7: // UPLOAD_ERR_CANT_WRITE + case UPLOAD_ERR_CANT_WRITE: $this->set_error('upload_unable_to_write_file'); break; - case 8: // UPLOAD_ERR_EXTENSION + case UPLOAD_ERR_EXTENSION: $this->set_error('upload_stopped_by_extension'); break; default: -- cgit v1.2.3-24-g4f1b From 4a8d1907d5fc5c054a24130cece8fe738ba46167 Mon Sep 17 00:00:00 2001 From: Darren Benney Date: Sat, 30 Mar 2013 20:07:49 +0000 Subject: Made set_error() method DRY. --- system/libraries/Upload.php | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 1c14f99ed..4751a850f 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1076,21 +1076,17 @@ class CI_Upload { $CI =& get_instance(); $CI->lang->load('upload'); - if (is_array($msg)) + if ( ! is_array($msg)) { - foreach ($msg as $val) - { - $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val); - $this->error_msg[] = $msg; - log_message('error', $msg); - } - } - else - { - $msg = ($CI->lang->line($msg) === FALSE) ? $msg : $CI->lang->line($msg); - $this->error_msg[] = $msg; - log_message('error', $msg); - } + $msg = array($msg); + } + + foreach ($msg as $val) + { + $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val); + $this->error_msg[] = $msg; + log_message('error', $msg); + } } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 38d5f4b98a55012361fc30c4f3e0daa489ca8e21 Mon Sep 17 00:00:00 2001 From: Darren Benney Date: Sat, 30 Mar 2013 21:00:38 +0000 Subject: Reverted indenting spaces back to tabs. (My fault - Sorry!) --- system/libraries/Upload.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 4751a850f..82b46f094 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1078,15 +1078,15 @@ class CI_Upload { if ( ! is_array($msg)) { - $msg = array($msg); - } - - foreach ($msg as $val) - { - $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val); - $this->error_msg[] = $msg; - log_message('error', $msg); - } + $msg = array($msg); + } + + foreach ($msg as $val) + { + $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val); + $this->error_msg[] = $msg; + log_message('error', $msg); + } } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 5d1cacfeadacb03dc8cb4dcb334a3e18db4fc5d7 Mon Sep 17 00:00:00 2001 From: Adrian Date: Mon, 24 Jun 2013 14:39:52 +0200 Subject: Force the file extension to lower case --- system/libraries/Upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 7c48b4294..9c2b45659 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -965,7 +965,7 @@ class CI_Upload { public function get_extension($filename) { $x = explode('.', $filename); - return (count($x) !== 1) ? '.'.end($x) : ''; + return (count($x) !== 1) ? '.'.strtolower(end($x)) : ''; } // -------------------------------------------------------------------- @@ -1284,4 +1284,4 @@ class CI_Upload { } /* End of file Upload.php */ -/* Location: ./system/libraries/Upload.php */ \ No newline at end of file +/* Location: ./system/libraries/Upload.php */ -- cgit v1.2.3-24-g4f1b From f496d13ee26c13b3406d30013206af679bf68922 Mon Sep 17 00:00:00 2001 From: Adrian Date: Mon, 24 Jun 2013 15:56:45 +0200 Subject: Add a config var to let the choice of having the lower case on the extensions when uploading. The default value is set to FALSE. --- system/libraries/Upload.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 9c2b45659..14863d69a 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -135,6 +135,13 @@ class CI_Upload { */ public $file_ext = ''; + /** + * Force filename extension to lowercase + * + * @var string + */ + public $file_ext_case = FALSE; + /** * Upload path * @@ -294,6 +301,7 @@ class CI_Upload { 'file_type' => '', 'file_size' => NULL, 'file_ext' => '', + 'file_ext_case' => FALSE, 'upload_path' => '', 'overwrite' => FALSE, 'encrypt_name' => FALSE, @@ -965,7 +973,11 @@ class CI_Upload { public function get_extension($filename) { $x = explode('.', $filename); - return (count($x) !== 1) ? '.'.strtolower(end($x)) : ''; + + if($this->file_ext_case) + return (count($x) !== 1) ? '.'.strtolower(end($x)) : ''; + else + return (count($x) !== 1) ? '.'.end($x) : ''; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 74a228b0b842e4aeb8cc9326c5d10c1fe4f4ce06 Mon Sep 17 00:00:00 2001 From: Adrian Date: Tue, 25 Jun 2013 12:09:22 +0200 Subject: New var name to make it more comprehensive Changes to follow the styleguide, proposed by narfbg (thanks to him) --- system/libraries/Upload.php | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 14863d69a..5861df584 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -140,7 +140,7 @@ class CI_Upload { * * @var string */ - public $file_ext_case = FALSE; + public $file_ext_tolower = FALSE; /** * Upload path @@ -301,7 +301,7 @@ class CI_Upload { 'file_type' => '', 'file_size' => NULL, 'file_ext' => '', - 'file_ext_case' => FALSE, + 'file_ext_tolower' => FALSE, 'upload_path' => '', 'overwrite' => FALSE, 'encrypt_name' => FALSE, @@ -974,10 +974,13 @@ class CI_Upload { { $x = explode('.', $filename); - if($this->file_ext_case) - return (count($x) !== 1) ? '.'.strtolower(end($x)) : ''; - else - return (count($x) !== 1) ? '.'.end($x) : ''; + if (count($x) === 1) + { + return ''; + } + + $ext = ($this->file_ext_tolower) ? strtolower(end($x)) : end($x); + return '.'.$ext; } // -------------------------------------------------------------------- @@ -1296,4 +1299,4 @@ class CI_Upload { } /* End of file Upload.php */ -/* Location: ./system/libraries/Upload.php */ +/* Location: ./system/libraries/Upload.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From c941d855dc32ec44107cb863596fa385c7aed015 Mon Sep 17 00:00:00 2001 From: vlakoff Date: Tue, 6 Aug 2013 14:44:40 +0200 Subject: Various typos and tabs adjustments --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 85428044d..15eb74bd5 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -463,7 +463,7 @@ class CI_Upload { } // Are the image dimensions within the allowed size? - // Note: This can fail if the server has an open_basdir restriction. + // Note: This can fail if the server has an open_basedir restriction. if ( ! $this->is_allowed_dimensions()) { $this->set_error('upload_invalid_dimensions'); -- cgit v1.2.3-24-g4f1b From 5932a7354bf46fb0a86794af37da42f715c355bf Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 13 Sep 2013 14:45:53 +0300 Subject: Improvements to safe_mode detection (it doesn't exist in PHP 5.4) --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 15eb74bd5..060973847 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1245,7 +1245,7 @@ class CI_Upload { } } - if ( (bool) @ini_get('safe_mode') === FALSE && function_usable('shell_exec')) + if ((bool) @ini_get('safe_mode') === FALSE && function_usable('shell_exec')) { $mime = @shell_exec($cmd); if (strlen($mime) > 0) -- cgit v1.2.3-24-g4f1b From 32c7212edb0488524a0eece98cb1e2321ee90c29 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 21 Oct 2013 15:35:05 +0300 Subject: Add CI_Upload:: option --- system/libraries/Upload.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 060973847..7989d113e 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -233,6 +233,13 @@ class CI_Upload { */ public $xss_clean = FALSE; + /** + * Apache mod_mime fix flag + * + * @var bool + */ + public $mod_mime_fix = TRUE; + /** * Temporary filename prefix * @@ -314,6 +321,7 @@ class CI_Upload { 'remove_spaces' => TRUE, 'detect_mime' => TRUE, 'xss_clean' => FALSE, + 'mod_mime_fix' => TRUE, 'temp_prefix' => 'temp_file_', 'client_name' => '' ); @@ -1148,7 +1156,7 @@ class CI_Upload { */ protected function _prep_filename($filename) { - if (strpos($filename, '.') === FALSE OR $this->allowed_types === '*') + if ($this->mod_mime_fix === FALSE OR $this->allowed_types === '*' OR strpos($filename, '.') === FALSE) { return $filename; } -- cgit v1.2.3-24-g4f1b From cab3e1813f71bddfe8f045772e5cb42e76a4d347 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Jan 2014 14:51:56 +0200 Subject: A tiny improvement in CI_Upload::do_xss_clean() --- system/libraries/Upload.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 7989d113e..67a65501e 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1081,8 +1081,7 @@ class CI_Upload { return FALSE; } - $CI =& get_instance(); - return $CI->security->xss_clean($data, TRUE); + return get_instance()->security->xss_clean($data, TRUE); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 119d8a7547e155edaaa53682b9247cd7e80d8c9d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 8 Jan 2014 15:27:53 +0200 Subject: Optimize get_instance() calls/assignments --- system/libraries/Upload.php | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 67a65501e..525880f62 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -263,6 +263,13 @@ class CI_Upload { */ protected $_file_name_override = ''; + /** + * CI Singleton + * + * @var object + */ + protected $CI; + // -------------------------------------------------------------------- /** @@ -279,6 +286,7 @@ class CI_Upload { } $this->mimes =& get_mimes(); + $this->CI =& get_instance(); log_message('debug', 'Upload Class Initialized'); } @@ -479,8 +487,7 @@ class CI_Upload { } // Sanitize the file name for security - $CI =& get_instance(); - $this->file_name = $CI->security->sanitize_filename($this->file_name); + $this->file_name = $this->CI->security->sanitize_filename($this->file_name); // Truncate the file name if it's too long if ($this->max_filename > 0) @@ -1081,7 +1088,7 @@ class CI_Upload { return FALSE; } - return get_instance()->security->xss_clean($data, TRUE); + return $this->CI->security->xss_clean($data, TRUE); } // -------------------------------------------------------------------- @@ -1094,17 +1101,13 @@ class CI_Upload { */ public function set_error($msg) { - $CI =& get_instance(); - $CI->lang->load('upload'); + $this->CI->lang->load('upload'); - if ( ! is_array($msg)) - { - $msg = array($msg); - } + is_array($msg) OR $msg = array($msg); foreach ($msg as $val) { - $msg = ($CI->lang->line($val) === FALSE) ? $val : $CI->lang->line($val); + $msg = ($this->CI->lang->line($val) === FALSE) ? $val : $this->CI->lang->line($val); $this->error_msg[] = $msg; log_message('error', $msg); } -- cgit v1.2.3-24-g4f1b From 871754af60251993d640981e107d2def5f2db396 Mon Sep 17 00:00:00 2001 From: darwinel Date: Tue, 11 Feb 2014 17:34:57 +0100 Subject: 2013 > 2014 Update copyright notices from 2013 to 2014. And update one calendar example in user_guide from year 2013/2014 to 2014/2015. --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 525880f62..983d832fd 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -18,7 +18,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) * @link http://codeigniter.com * @since Version 1.0 -- cgit v1.2.3-24-g4f1b From f62747451d1f040b36db7611255d7c1b3cdffcdf Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 20 Feb 2014 18:05:58 +0200 Subject: Don't use error suppression on ini_get() either --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 983d832fd..4939b158c 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1255,7 +1255,7 @@ class CI_Upload { } } - if ((bool) @ini_get('safe_mode') === FALSE && function_usable('shell_exec')) + if ( ! ini_get('safe_mode') && function_usable('shell_exec')) { $mime = @shell_exec($cmd); if (strlen($mime) > 0) -- cgit v1.2.3-24-g4f1b From 2cf4c9bac558e978d376ef80c4f515d829706c4c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 21 Feb 2014 15:01:48 +0200 Subject: CI_Upload changes - Method chaining support. - A more abstract resetting of the default settings. - Added an option to initialize() to disable resetting to default settings. - Removed method mimes_types() and slightly optimized chunks of code where it was used. - Added the ability to pass allowed_types as an array. --- system/libraries/Upload.php | 282 ++++++++++++++++++++------------------------ 1 file changed, 129 insertions(+), 153 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 4939b158c..ff1b664fa 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -42,217 +42,210 @@ class CI_Upload { * * @var int */ - public $max_size = 0; + public $max_size = 0; /** * Maximum image width * * @var int */ - public $max_width = 0; + public $max_width = 0; /** * Maximum image height * * @var int */ - public $max_height = 0; + public $max_height = 0; /** * Minimum image width * * @var int */ - public $min_width = 0; + public $min_width = 0; /** * Minimum image height * * @var int */ - public $min_height = 0; + public $min_height = 0; /** * Maximum filename length * * @var int */ - public $max_filename = 0; + public $max_filename = 0; /** * Maximum duplicate filename increment ID * * @var int */ - public $max_filename_increment = 100; + public $max_filename_increment = 100; /** * Allowed file types * * @var string */ - public $allowed_types = ''; + public $allowed_types = ''; /** * Temporary filename * * @var string */ - public $file_temp = ''; + public $file_temp = ''; /** * Filename * * @var string */ - public $file_name = ''; + public $file_name = ''; /** * Original filename * * @var string */ - public $orig_name = ''; + public $orig_name = ''; /** * File type * * @var string */ - public $file_type = ''; + public $file_type = ''; /** * File size * * @var int */ - public $file_size = NULL; + public $file_size = NULL; /** * Filename extension * * @var string */ - public $file_ext = ''; + public $file_ext = ''; /** * Force filename extension to lowercase * * @var string */ - public $file_ext_tolower = FALSE; + public $file_ext_tolower = FALSE; /** * Upload path * * @var string */ - public $upload_path = ''; + public $upload_path = ''; /** * Overwrite flag * * @var bool */ - public $overwrite = FALSE; + public $overwrite = FALSE; /** * Obfuscate filename flag * * @var bool */ - public $encrypt_name = FALSE; + public $encrypt_name = FALSE; /** * Is image flag * * @var bool */ - public $is_image = FALSE; + public $is_image = FALSE; /** * Image width * * @var int */ - public $image_width = NULL; + public $image_width = NULL; /** * Image height * * @var int */ - public $image_height = NULL; + public $image_height = NULL; /** * Image type * * @var string */ - public $image_type = ''; + public $image_type = ''; /** * Image size string * * @var string */ - public $image_size_str = ''; + public $image_size_str = ''; /** * Error messages list * * @var array */ - public $error_msg = array(); - - /** - * MIME types list - * - * @var array - */ - public $mimes = array(); + public $error_msg = array(); /** * Remove spaces flag * * @var bool */ - public $remove_spaces = TRUE; + public $remove_spaces = TRUE; /** * MIME detection flag * * @var bool */ - public $detect_mime = TRUE; + public $detect_mime = TRUE; /** * XSS filter flag * * @var bool */ - public $xss_clean = FALSE; + public $xss_clean = FALSE; /** * Apache mod_mime fix flag * * @var bool */ - public $mod_mime_fix = TRUE; + public $mod_mime_fix = TRUE; /** * Temporary filename prefix * * @var string */ - public $temp_prefix = 'temp_file_'; + public $temp_prefix = 'temp_file_'; /** * Filename sent by the client * * @var bool */ - public $client_name = ''; + public $client_name = ''; // -------------------------------------------------------------------- @@ -261,14 +254,21 @@ class CI_Upload { * * @var string */ - protected $_file_name_override = ''; + protected $_file_name_override = ''; + + /** + * MIME types list + * + * @var array + */ + protected $_mimes = array(); /** * CI Singleton * * @var object */ - protected $CI; + protected $_CI; // -------------------------------------------------------------------- @@ -278,15 +278,12 @@ class CI_Upload { * @param array $props * @return void */ - public function __construct($props = array()) + public function __construct($config = array()) { - if (count($props) > 0) - { - $this->initialize($props); - } + empty($config) OR $this->initialize($config, FALSE); - $this->mimes =& get_mimes(); - $this->CI =& get_instance(); + $this->_mimes =& get_mimes(); + $this->_CI =& get_instance(); log_message('debug', 'Upload Class Initialized'); } @@ -297,66 +294,62 @@ class CI_Upload { * Initialize preferences * * @param array $config - * @return void + * @param bool $reset + * @return CI_Upload */ - public function initialize($config = array()) + public function initialize(array $config = array(), $reset = TRUE) { - $defaults = array( - 'max_size' => 0, - 'max_width' => 0, - 'max_height' => 0, - 'min_width' => 0, - 'min_height' => 0, - 'max_filename' => 0, - 'max_filename_increment' => 100, - 'allowed_types' => '', - 'file_temp' => '', - 'file_name' => '', - 'orig_name' => '', - 'file_type' => '', - 'file_size' => NULL, - 'file_ext' => '', - 'file_ext_tolower' => FALSE, - 'upload_path' => '', - 'overwrite' => FALSE, - 'encrypt_name' => FALSE, - 'is_image' => FALSE, - 'image_width' => NULL, - 'image_height' => NULL, - 'image_type' => '', - 'image_size_str' => '', - 'error_msg' => array(), - 'remove_spaces' => TRUE, - 'detect_mime' => TRUE, - 'xss_clean' => FALSE, - 'mod_mime_fix' => TRUE, - 'temp_prefix' => 'temp_file_', - 'client_name' => '' - ); - - foreach ($defaults as $key => $val) + $reflection = new ReflectionClass($this); + + if ($reset === TRUE) { - if (isset($config[$key])) + $defaults = $reflection->getDefaultProperties(); + foreach (array_keys($defaults) as $key) { - $method = 'set_'.$key; - if (method_exists($this, $method)) + if ($key[0] === '_') + { + continue; + } + + if (isset($config[$key])) { - $this->$method($config[$key]); + if ($reflection->hasMethod('set_'.$key)) + { + $this->{'set_'.$key}($config[$key]); + } + else + { + $this->$key = $config[$key]; + } } else { - $this->$key = $config[$key]; + $this->$key = $defaults[$key]; } } - else + + return $this; + } + + foreach ($config as $key => &$value) + { + if ($key[0] !== '_' && $reflection->hasProperty($key)) { - $this->$key = $val; + if ($reflection->hasMethod('set_'.$key)) + { + $this->{'set_'.$key}($value); + } + else + { + $this->$key = $value; + } } } // if a file_name was provided in the config, use it instead of the user input // supplied file name for all uploads until initialized again $this->_file_name_override = $this->file_name; + return $this; } // -------------------------------------------------------------------- @@ -487,7 +480,7 @@ class CI_Upload { } // Sanitize the file name for security - $this->file_name = $this->CI->security->sanitize_filename($this->file_name); + $this->file_name = $this->_CI->security->sanitize_filename($this->file_name); // Truncate the file name if it's too long if ($this->max_filename > 0) @@ -602,12 +595,13 @@ class CI_Upload { * Set Upload Path * * @param string $path - * @return void + * @return CI_Upload */ public function set_upload_path($path) { // Make sure it has a trailing slash $this->upload_path = rtrim($path, '/').'/'; + return $this; } // -------------------------------------------------------------------- @@ -664,11 +658,12 @@ class CI_Upload { * Set Maximum File Size * * @param int $n - * @return void + * @return CI_Upload */ public function set_max_filesize($n) { - $this->max_size = ((int) $n < 0) ? 0 : (int) $n; + $this->max_size = ($n < 0) ? 0 : (int) $n; + return $this; } // -------------------------------------------------------------------- @@ -677,11 +672,12 @@ class CI_Upload { * Set Maximum File Name Length * * @param int $n - * @return void + * @return CI_Upload */ public function set_max_filename($n) { - $this->max_filename = ((int) $n < 0) ? 0 : (int) $n; + $this->max_filename = ($n < 0) ? 0 : (int) $n; + return $this; } // -------------------------------------------------------------------- @@ -690,11 +686,12 @@ class CI_Upload { * Set Maximum Image Width * * @param int $n - * @return void + * @return CI_Upload */ public function set_max_width($n) { - $this->max_width = ((int) $n < 0) ? 0 : (int) $n; + $this->max_width = ($n < 0) ? 0 : (int) $n; + return $this; } // -------------------------------------------------------------------- @@ -703,11 +700,12 @@ class CI_Upload { * Set Maximum Image Height * * @param int $n - * @return void + * @return CI_Upload */ public function set_max_height($n) { - $this->max_height = ((int) $n < 0) ? 0 : (int) $n; + $this->max_height = ($n < 0) ? 0 : (int) $n; + return $this; } // -------------------------------------------------------------------- @@ -716,11 +714,12 @@ class CI_Upload { * Set minimum image width * * @param int $n - * @return void + * @return CI_Upload */ public function set_min_width($n) { - $this->min_width = ((int) $n < 0) ? 0 : (int) $n; + $this->min_width = ($n < 0) ? 0 : (int) $n; + return $this; } // -------------------------------------------------------------------- @@ -729,11 +728,12 @@ class CI_Upload { * Set minimum image height * * @param int $n - * @return void + * @return CI_Upload */ public function set_min_height($n) { - $this->min_height = ((int) $n < 0) ? 0 : (int) $n; + $this->min_height = ($n < 0) ? 0 : (int) $n; + return $this; } // -------------------------------------------------------------------- @@ -742,16 +742,14 @@ class CI_Upload { * Set Allowed File Types * * @param string $types - * @return void + * @return CI_Upload */ public function set_allowed_types($types) { - if ( ! is_array($types) && $types === '*') - { - $this->allowed_types = '*'; - return; - } - $this->allowed_types = explode('|', $types); + $this->allowed_types = (is_array($types) OR $types === '*') + ? $types + : explode('|', $types); + return $this; } // -------------------------------------------------------------------- @@ -762,16 +760,11 @@ class CI_Upload { * Uses GD to determine the width/height/type of image * * @param string $path - * @return void + * @return CI_Upload */ public function set_image_properties($path = '') { - if ( ! $this->is_image()) - { - return; - } - - if (function_exists('getimagesize')) + if ($this->is_image() && function_exists('getimagesize')) { if (FALSE !== ($D = @getimagesize($path))) { @@ -783,6 +776,8 @@ class CI_Upload { $this->image_size_str = $D[3]; // string containing height and width } } + + return $this; } // -------------------------------------------------------------------- @@ -794,11 +789,12 @@ class CI_Upload { * will be run through the XSS filter. * * @param bool $flag - * @return void + * @return CI_Upload */ public function set_xss_clean($flag = FALSE) { $this->xss_clean = ($flag === TRUE); + return $this; } // -------------------------------------------------------------------- @@ -845,7 +841,7 @@ class CI_Upload { return TRUE; } - if ( ! is_array($this->allowed_types) OR count($this->allowed_types) === 0) + if (empty($this->allowed_types) OR ! is_array($this->allowed_types)) { $this->set_error('upload_no_file_types'); return FALSE; @@ -853,15 +849,13 @@ class CI_Upload { $ext = strtolower(ltrim($this->file_ext, '.')); - if ( ! in_array($ext, $this->allowed_types)) + if ( ! in_array($ext, $this->allowed_types, TRUE)) { return FALSE; } // Images get some additional checks - $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe'); - - if (in_array($ext, $image_types) && @getimagesize($this->file_temp) === FALSE) + if (in_array($ext, array('gif', 'jpg', 'jpeg', 'jpe', 'png'), TRUE) && @getimagesize($this->file_temp) === FALSE) { return FALSE; } @@ -871,15 +865,11 @@ class CI_Upload { return TRUE; } - $mime = $this->mimes_types($ext); - - if (is_array($mime) && in_array($this->file_type, $mime, TRUE)) + if (isset($this->_mimes[$ext])) { - return TRUE; - } - elseif ($mime === $this->file_type) - { - return TRUE; + return is_array($this->_mimes[$ext]) + ? in_array($this->file_type, $this->_mimes[$ext], TRUE) + : ($this->_mimes[$ext] === $this->file_type); } return FALSE; @@ -1034,7 +1024,7 @@ class CI_Upload { * I'm not sure that it won't negatively affect certain files in unexpected ways, * but so far I haven't found that it causes trouble. * - * @return void + * @return string */ public function do_xss_clean() { @@ -1088,7 +1078,7 @@ class CI_Upload { return FALSE; } - return $this->CI->security->xss_clean($data, TRUE); + return $this->_CI->security->xss_clean($data, TRUE); } // -------------------------------------------------------------------- @@ -1097,20 +1087,22 @@ class CI_Upload { * Set an error message * * @param string $msg - * @return void + * @return CI_Upload */ public function set_error($msg) { - $this->CI->lang->load('upload'); + $this->_CI->lang->load('upload'); is_array($msg) OR $msg = array($msg); foreach ($msg as $val) { - $msg = ($this->CI->lang->line($val) === FALSE) ? $val : $this->CI->lang->line($val); + $msg = ($this->_CI->lang->line($val) === FALSE) ? $val : $this->_CI->lang->line($val); $this->error_msg[] = $msg; log_message('error', $msg); } + + return $this; } // -------------------------------------------------------------------- @@ -1129,22 +1121,6 @@ class CI_Upload { // -------------------------------------------------------------------- - /** - * List of Mime Types - * - * This is a list of mime types. We use it to validate - * the "allowed types" set by the developer - * - * @param string $mime - * @return string - */ - public function mimes_types($mime) - { - return isset($this->mimes[$mime]) ? $this->mimes[$mime] : FALSE; - } - - // -------------------------------------------------------------------- - /** * Prep Filename * @@ -1169,7 +1145,7 @@ class CI_Upload { foreach ($parts as $part) { - if ( ! in_array(strtolower($part), $this->allowed_types) OR $this->mimes_types(strtolower($part)) === FALSE) + if ( ! in_array(strtolower($part), $this->allowed_types) OR ! isset($this->_mimes[strtolower($part)])) { $filename .= '.'.$part.'_'; } -- cgit v1.2.3-24-g4f1b From 82179bf31f00564282f2a4d9873c6107b6732631 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 22 Feb 2014 00:29:53 +0200 Subject: [ci skip] Alter a docblock --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index ff1b664fa..66514cd69 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -741,7 +741,7 @@ class CI_Upload { /** * Set Allowed File Types * - * @param string $types + * @param mixed $types * @return CI_Upload */ public function set_allowed_types($types) -- cgit v1.2.3-24-g4f1b From e7d017bcc38909f55e8f817b27263e59d1ca5598 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 25 Feb 2014 12:23:34 +0200 Subject: Add array notation support for file field names in CI_Upload Requested in #1691 --- system/libraries/Upload.php | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 66514cd69..583a97693 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -363,7 +363,28 @@ class CI_Upload { public function do_upload($field = 'userfile') { // Is $_FILES[$field] set? If not, no reason to continue. - if ( ! isset($_FILES[$field])) + if (isset($_FILES[$field])) + { + $_file = $_FILES[$field]; + } + // Does the field name contain array notation? + elseif (($c = preg_match_all('/(?:^[^\[]+)|\[[^]]*\]/', $field, $matches)) > 1) + { + $_file = $_FILES; + for ($i = 0; $i < $c; $i++) + { + // We can't track numeric iterations, only full field names are accepted + if (($field = trim($matches[0][$i], '[]')) === '' OR ! isset($_file[$field])) + { + $_file = NULL; + break; + } + + $_file = $_file[$field]; + } + } + + if ( ! isset($_file)) { $this->set_error('upload_no_file_selected'); return FALSE; @@ -377,9 +398,9 @@ class CI_Upload { } // Was the file able to be uploaded? If not, determine the reason why. - if ( ! is_uploaded_file($_FILES[$field]['tmp_name'])) + if ( ! is_uploaded_file($_file['tmp_name'])) { - $error = ( ! isset($_FILES[$field]['error'])) ? 4 : $_FILES[$field]['error']; + $error = isset($_file['error']) ? $_file['error'] : 4; switch ($error) { @@ -413,18 +434,18 @@ class CI_Upload { } // Set the uploaded data as class variables - $this->file_temp = $_FILES[$field]['tmp_name']; - $this->file_size = $_FILES[$field]['size']; + $this->file_temp = $_file['tmp_name']; + $this->file_size = $_file['size']; // Skip MIME type detection? if ($this->detect_mime !== FALSE) { - $this->_file_mime_type($_FILES[$field]); + $this->_file_mime_type($_file); } $this->file_type = preg_replace('/^(.+?);.*$/', '\\1', $this->file_type); $this->file_type = strtolower(trim(stripslashes($this->file_type), '"')); - $this->file_name = $this->_prep_filename($_FILES[$field]['name']); + $this->file_name = $this->_prep_filename($_file['name']); $this->file_ext = $this->get_extension($this->file_name); $this->client_name = $this->file_name; -- cgit v1.2.3-24-g4f1b From ea41c8aa1951216b6a9ccc99832d69d2b41c5ead Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 26 Feb 2014 18:31:02 +0200 Subject: Don't use error suppression on realpath() + style adjustments --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 583a97693..62cfb28c0 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -967,7 +967,7 @@ class CI_Upload { return FALSE; } - if (@realpath($this->upload_path) !== FALSE) + if (realpath($this->upload_path) !== FALSE) { $this->upload_path = str_replace('\\', '/', realpath($this->upload_path)); } -- cgit v1.2.3-24-g4f1b From 382b51383c84fbb7f861fcd87b0b71b35c9f2869 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 26 Feb 2014 18:41:59 +0200 Subject: Don't use error suppression on is_dir(), file_exists() --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 62cfb28c0..75fc0624f 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -972,7 +972,7 @@ class CI_Upload { $this->upload_path = str_replace('\\', '/', realpath($this->upload_path)); } - if ( ! @is_dir($this->upload_path)) + if ( ! is_dir($this->upload_path)) { $this->set_error('upload_no_filepath'); return FALSE; -- cgit v1.2.3-24-g4f1b From a8027ffc90ef80819fba01209fa57f810e2104af Mon Sep 17 00:00:00 2001 From: Joseba Juániz Date: Wed, 6 Aug 2014 20:03:25 +0200 Subject: Change name didn't work if reset initialization it's true If user initializes the upload library with the reset flag as true, the uploaded file doesn't change it's name, it's neccesary to initialize or change the $_file_name_override every time. --- system/libraries/Upload.php | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 75fc0624f..7946111cc 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -327,23 +327,26 @@ class CI_Upload { $this->$key = $defaults[$key]; } } - - return $this; + } - - foreach ($config as $key => &$value) + else { - if ($key[0] !== '_' && $reflection->hasProperty($key)) + + foreach ($config as $key => &$value) { - if ($reflection->hasMethod('set_'.$key)) - { - $this->{'set_'.$key}($value); - } - else + if ($key[0] !== '_' && $reflection->hasProperty($key)) { - $this->$key = $value; + if ($reflection->hasMethod('set_'.$key)) + { + $this->{'set_'.$key}($value); + } + else + { + $this->$key = $value; + } } } + } // if a file_name was provided in the config, use it instead of the user input -- cgit v1.2.3-24-g4f1b From f38c9c29e32e86d453c820bdc13abdd9c2a1a765 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 27 Aug 2014 14:56:31 +0300 Subject: Close #3205 --- system/libraries/Upload.php | 22 ++++------------------ 1 file changed, 4 insertions(+), 18 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 7946111cc..49c69a32c 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1158,28 +1158,14 @@ class CI_Upload { */ protected function _prep_filename($filename) { - if ($this->mod_mime_fix === FALSE OR $this->allowed_types === '*' OR strpos($filename, '.') === FALSE) + if ($this->mod_mime_fix === FALSE OR $this->allowed_types === '*' OR ($ext_pos = strrpos($filename, '.')) === FALSE) { return $filename; } - $parts = explode('.', $filename); - $ext = array_pop($parts); - $filename = array_shift($parts); - - foreach ($parts as $part) - { - if ( ! in_array(strtolower($part), $this->allowed_types) OR ! isset($this->_mimes[strtolower($part)])) - { - $filename .= '.'.$part.'_'; - } - else - { - $filename .= '.'.$part; - } - } - - return $filename.'.'.$ext; + $ext = substr($filename, $ext_pos); + $filename = substr($filename, 0, $ext_pos); + return str_replace('.', '_', $filename).$ext; } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From bdb96ca1b1dbfc1791172fd169d7751cbc4d7d55 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 28 Oct 2014 00:13:31 +0200 Subject: [ci skip] Switch to MIT license; close #3293 --- system/libraries/Upload.php | 39 +++++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 14 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 49c69a32c..745f4980f 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -4,24 +4,35 @@ * * An open source application development framework for PHP 5.2.4 or newer * - * NOTICE OF LICENSE + * This content is released under the MIT License (MIT) * - * Licensed under the Open Software License version 3.0 + * Copyright (c) 2014, British Columbia Institute of Technology * - * This source file is subject to the Open Software License (OSL 3.0) that is - * bundled with this package in the files license.txt / license.rst. It is - * also available through the world wide web at this URL: - * http://opensource.org/licenses/OSL-3.0 - * If you did not receive a copy of the license and are unable to obtain it - * through the world wide web, please send an email to - * licensing@ellislab.com so we can send you a copy immediately. + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: * - * @package CodeIgniter - * @author EllisLab Dev Team + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + * + * @package CodeIgniter + * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) - * @license http://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) - * @link http://codeigniter.com - * @since Version 1.0 + * @copyright Copyright (c) 2014, British Columbia Institute of Technology (http://bcit.ca/) + * @license http://opensource.org/licenses/MIT MIT License + * @link http://codeigniter.com + * @since Version 1.0.0 * @filesource */ defined('BASEPATH') OR exit('No direct script access allowed'); -- cgit v1.2.3-24-g4f1b From fe9309d22c1b088f5363954d6dac013c8c955894 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 9 Jan 2015 17:48:58 +0200 Subject: Bulk (mostly documentation) update - Remove PHP version from license notices - Bump year number in copyright notices - Recommend PHP 5.4 or newer to be used - Tell Travis-CI to test on PHP 5.3.0 instead of the latest 5.3 version Related: #3450 --- system/libraries/Upload.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 745f4980f..e022c43d4 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -2,11 +2,11 @@ /** * CodeIgniter * - * An open source application development framework for PHP 5.2.4 or newer + * An open source application development framework for PHP * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014, British Columbia Institute of Technology + * Copyright (c) 2014 - 2015, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) - * @copyright Copyright (c) 2014, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link http://codeigniter.com * @since Version 1.0.0 -- cgit v1.2.3-24-g4f1b From 90726b8c769ea75aec34814ddfa91655d488e6c3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 20 Jan 2015 12:39:22 +0200 Subject: [ci skip] Change some log messages' level 'Class Loaded' type of messages flood log files when log_threshold is set to 2 (debug). They're now logged as 'info' level. This is manually applying PR #1528, which was created to do the same thing, but became outdated. --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index e022c43d4..3b0e044ae 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -296,7 +296,7 @@ class CI_Upload { $this->_mimes =& get_mimes(); $this->_CI =& get_instance(); - log_message('debug', 'Upload Class Initialized'); + log_message('info', 'Upload Class Initialized'); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 4cbe463b4c442e0e2dae2f43565e77f7ac5ecb86 Mon Sep 17 00:00:00 2001 From: vlakoff Date: Wed, 21 Jan 2015 22:56:22 +0100 Subject: Remove closing blocks at end of PHP files --- system/libraries/Upload.php | 3 --- 1 file changed, 3 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 3b0e044ae..29711bbbc 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1300,6 +1300,3 @@ class CI_Upload { } } - -/* End of file Upload.php */ -/* Location: ./system/libraries/Upload.php */ \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 4a183078d782016cd1aaa74cb1762718638609b8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 22 Jan 2015 00:27:38 +0200 Subject: [ci skip] Whitespace removal --- system/libraries/Upload.php | 3 --- 1 file changed, 3 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 3b0e044ae..f37b3867e 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -338,11 +338,9 @@ class CI_Upload { $this->$key = $defaults[$key]; } } - } else { - foreach ($config as $key => &$value) { if ($key[0] !== '_' && $reflection->hasProperty($key)) @@ -357,7 +355,6 @@ class CI_Upload { } } } - } // if a file_name was provided in the config, use it instead of the user input -- cgit v1.2.3-24-g4f1b From d5784080dcd2c2699bc6fc33a644a1923ba79de8 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 22 Jun 2015 11:50:04 +0300 Subject: Alter CI_Upload logging levels Close #3920 --- system/libraries/Upload.php | 45 ++++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 23 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index f5534a7f7..a1bd14930 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -397,7 +397,7 @@ class CI_Upload { if ( ! isset($_file)) { - $this->set_error('upload_no_file_selected'); + $this->set_error('upload_no_file_selected', 'debug'); return FALSE; } @@ -416,28 +416,28 @@ class CI_Upload { switch ($error) { case UPLOAD_ERR_INI_SIZE: - $this->set_error('upload_file_exceeds_limit'); + $this->set_error('upload_file_exceeds_limit', 'info'); break; case UPLOAD_ERR_FORM_SIZE: - $this->set_error('upload_file_exceeds_form_limit'); + $this->set_error('upload_file_exceeds_form_limit', 'info'); break; case UPLOAD_ERR_PARTIAL: - $this->set_error('upload_file_partial'); + $this->set_error('upload_file_partial', 'debug'); break; case UPLOAD_ERR_NO_FILE: - $this->set_error('upload_no_file_selected'); + $this->set_error('upload_no_file_selected', 'debug'); break; case UPLOAD_ERR_NO_TMP_DIR: - $this->set_error('upload_no_temp_directory'); + $this->set_error('upload_no_temp_directory', 'error'); break; case UPLOAD_ERR_CANT_WRITE: - $this->set_error('upload_unable_to_write_file'); + $this->set_error('upload_unable_to_write_file', 'error'); break; case UPLOAD_ERR_EXTENSION: - $this->set_error('upload_stopped_by_extension'); + $this->set_error('upload_stopped_by_extension', 'debug'); break; default: - $this->set_error('upload_no_file_selected'); + $this->set_error('upload_no_file_selected', 'debug'); break; } @@ -463,7 +463,7 @@ class CI_Upload { // Is the file type allowed to be uploaded? if ( ! $this->is_allowed_filetype()) { - $this->set_error('upload_invalid_filetype'); + $this->set_error('upload_invalid_filetype', 'debug'); return FALSE; } @@ -485,7 +485,7 @@ class CI_Upload { if ( ! $this->is_allowed_filetype(TRUE)) { - $this->set_error('upload_invalid_filetype'); + $this->set_error('upload_invalid_filetype', 'debug'); return FALSE; } } @@ -499,7 +499,7 @@ class CI_Upload { // Is the file size within the allowed maximum? if ( ! $this->is_allowed_filesize()) { - $this->set_error('upload_invalid_filesize'); + $this->set_error('upload_invalid_filesize', 'info'); return FALSE; } @@ -507,7 +507,7 @@ class CI_Upload { // Note: This can fail if the server has an open_basedir restriction. if ( ! $this->is_allowed_dimensions()) { - $this->set_error('upload_invalid_dimensions'); + $this->set_error('upload_invalid_dimensions', 'info'); return FALSE; } @@ -552,7 +552,7 @@ class CI_Upload { */ if ($this->xss_clean && $this->do_xss_clean() === FALSE) { - $this->set_error('upload_unable_to_write_file'); + $this->set_error('upload_unable_to_write_file', 'error'); return FALSE; } @@ -567,7 +567,7 @@ class CI_Upload { { if ( ! @move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name)) { - $this->set_error('upload_destination_error'); + $this->set_error('upload_destination_error', 'error'); return FALSE; } } @@ -675,7 +675,7 @@ class CI_Upload { if ($new_filename === '') { - $this->set_error('upload_bad_filename'); + $this->set_error('upload_bad_filename', 'debug'); return FALSE; } else @@ -875,7 +875,7 @@ class CI_Upload { if (empty($this->allowed_types) OR ! is_array($this->allowed_types)) { - $this->set_error('upload_no_file_types'); + $this->set_error('upload_no_file_types', 'debug'); return FALSE; } @@ -974,7 +974,7 @@ class CI_Upload { { if ($this->upload_path === '') { - $this->set_error('upload_no_filepath'); + $this->set_error('upload_no_filepath', 'error'); return FALSE; } @@ -985,13 +985,13 @@ class CI_Upload { if ( ! is_dir($this->upload_path)) { - $this->set_error('upload_no_filepath'); + $this->set_error('upload_no_filepath', 'error'); return FALSE; } if ( ! is_really_writable($this->upload_path)) { - $this->set_error('upload_not_writable'); + $this->set_error('upload_not_writable', 'error'); return FALSE; } @@ -1121,17 +1121,16 @@ class CI_Upload { * @param string $msg * @return CI_Upload */ - public function set_error($msg) + public function set_error($msg, $log_level = 'error') { $this->_CI->lang->load('upload'); is_array($msg) OR $msg = array($msg); - foreach ($msg as $val) { $msg = ($this->_CI->lang->line($val) === FALSE) ? $val : $this->_CI->lang->line($val); $this->error_msg[] = $msg; - log_message('error', $msg); + log_message($log_level, $msg); } return $this; -- cgit v1.2.3-24-g4f1b From 91da5d1cc0f339f94922e48bdcce1bace602713a Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 9 Jul 2015 15:14:35 +0300 Subject: Fix #3965 --- system/libraries/Upload.php | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index a1bd14930..51232f8a7 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -533,15 +533,9 @@ class CI_Upload { * If it returns false there was a problem. */ $this->orig_name = $this->file_name; - - if ($this->overwrite === FALSE) + if (FALSE === ($this->file_name = $this->set_filename($this->upload_path, $this->file_name))) { - $this->file_name = $this->set_filename($this->upload_path, $this->file_name); - - if ($this->file_name === FALSE) - { - return FALSE; - } + return FALSE; } /* @@ -656,7 +650,7 @@ class CI_Upload { $filename = md5(uniqid(mt_rand())).$this->file_ext; } - if ( ! file_exists($path.$filename)) + if ($this->overwrite === TRUE OR ! file_exists($path.$filename)) { return $filename; } -- cgit v1.2.3-24-g4f1b From 1a8d95a8861eabebb5ce5c01beb9110624400428 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 23 Jul 2015 10:47:53 +0300 Subject: Fix an issue with CI_Upload max filesize Reported via the forums: http://forum.codeigniter.com/thread-62510.html --- system/libraries/Upload.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 51232f8a7..20ddfc145 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -694,6 +694,22 @@ class CI_Upload { // -------------------------------------------------------------------- + /** + * Set Maximum File Size + * + * An internal alias to set_max_filesize() to help with configuration + * as initialize() will look for a set_() method ... + * + * @param int $n + * @return CI_Upload + */ + protected function set_max_size($n) + { + return $this->set_max_filesize($n); + } + + // -------------------------------------------------------------------- + /** * Set Maximum File Name Length * -- cgit v1.2.3-24-g4f1b From 10fb7d17b2025de4963da8b0108fda4da36ade11 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 3 Aug 2015 10:05:29 +0300 Subject: [ci skip] Normalize tabs/spaces Partial changes from PR #4016 --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 20ddfc145..8a2dec76a 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1023,7 +1023,7 @@ class CI_Upload { if (count($x) === 1) { - return ''; + return ''; } $ext = ($this->file_ext_tolower) ? strtolower(end($x)) : end($x); -- cgit v1.2.3-24-g4f1b From 125ef4751080a2118cb203357d77687699e3eb25 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 11 Jan 2016 12:33:00 +0200 Subject: [ci skip] Bump year to 2016 --- system/libraries/Upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 8a2dec76a..40ca50284 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2015, British Columbia Institute of Technology + * Copyright (c) 2014 - 2016, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) - * @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link http://codeigniter.com * @since Version 1.0.0 -- cgit v1.2.3-24-g4f1b From bd202c91b0e9cf0a8c93bcaa71df9574f5909346 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 11 Jan 2016 12:50:18 +0200 Subject: [ci skip] Update codeigniter.com links to https --- system/libraries/Upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 40ca50284..5cb25eeec 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -31,7 +31,7 @@ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License - * @link http://codeigniter.com + * @link https://codeigniter.com * @since Version 1.0.0 * @filesource */ @@ -44,7 +44,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); * @subpackage Libraries * @category Uploads * @author EllisLab Dev Team - * @link http://codeigniter.com/user_guide/libraries/file_uploading.html + * @link https://codeigniter.com/user_guide/libraries/file_uploading.html */ class CI_Upload { -- cgit v1.2.3-24-g4f1b From 1924e879b165fb119847a49a7a5eab2f28295fa2 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 11 Jan 2016 12:55:34 +0200 Subject: [ci skip] Update ellislab.com links to https too --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 5cb25eeec..15caebebe 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -28,7 +28,7 @@ * * @package CodeIgniter * @author EllisLab Dev Team - * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/) + * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com -- cgit v1.2.3-24-g4f1b From 71d64cbcfde625606ffb55867e0bb547123ef22f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 4 Feb 2016 15:04:35 +0200 Subject: Fix #4430 --- system/libraries/Upload.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 15caebebe..f2418378b 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -526,6 +526,12 @@ class CI_Upload { $this->file_name = preg_replace('/\s+/', '_', $this->file_name); } + if ($this->file_ext_tolower && ($ext_length = strlen($this->file_ext))) + { + // file_ext was previously lower-cased by a get_extension() call + $this->file_name = substr($this->file_name, 0, -$ext_length).$this->file_ext; + } + /* * Validate the file name * This function appends an number onto the end of -- cgit v1.2.3-24-g4f1b From e13fa9fdb3f2e311bd7331e49b26889f24bc81cb Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 20 May 2016 17:30:07 +0300 Subject: Merge pull request #4638 from kasimtan/phpdoc_fixes [ci skip] Fixed PHPDoc parameter name and type discrepancies --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index f2418378b..fa365058c 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -286,7 +286,7 @@ class CI_Upload { /** * Constructor * - * @param array $props + * @param array $config * @return void */ public function __construct($config = array()) -- cgit v1.2.3-24-g4f1b From 7a6ae33b3d457a1f86bc20ef78426ada3f37f899 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 6 Jul 2016 16:36:40 +0300 Subject: Merge pull request #4691 from chestnutprog/develop [ci skip] Fix a bug in CI_Upload::data() --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index fa365058c..7b94a230c 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -601,7 +601,7 @@ class CI_Upload { 'file_type' => $this->file_type, 'file_path' => $this->upload_path, 'full_path' => $this->upload_path.$this->file_name, - 'raw_name' => str_replace($this->file_ext, '', $this->file_name), + 'raw_name' => substr($this->file_name, 0, strlen($this->file_name) - strlen($this->file_ext)), 'orig_name' => $this->orig_name, 'client_name' => $this->client_name, 'file_ext' => $this->file_ext, -- cgit v1.2.3-24-g4f1b From 81b13ba41f00da46ab23c10e9d625b8fe45b4349 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 19 Jul 2016 15:45:37 +0300 Subject: Merge pull request #4705 from tianhe1986/develop_upload_raw_name Improve #4691 --- system/libraries/Upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 7b94a230c..056f6de1e 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -601,7 +601,7 @@ class CI_Upload { 'file_type' => $this->file_type, 'file_path' => $this->upload_path, 'full_path' => $this->upload_path.$this->file_name, - 'raw_name' => substr($this->file_name, 0, strlen($this->file_name) - strlen($this->file_ext)), + 'raw_name' => substr($this->file_name, 0, -strlen($this->file_ext)), 'orig_name' => $this->orig_name, 'client_name' => $this->client_name, 'file_ext' => $this->file_ext, -- cgit v1.2.3-24-g4f1b From a838279625becfba98ccb7635d35c67297129c42 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 28 Jul 2016 16:40:12 +0300 Subject: Remove dead code written for PHP 5.2 --- system/libraries/Upload.php | 41 ++++++++++++++--------------------------- 1 file changed, 14 insertions(+), 27 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 056f6de1e..a8cf75264 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1086,13 +1086,7 @@ class CI_Upload { if (memory_get_usage() && ($memory_limit = ini_get('memory_limit'))) { $memory_limit *= 1024 * 1024; - - // There was a bug/behavioural change in PHP 5.2, where numbers over one million get output - // into scientific notation. number_format() ensures this number is an integer - // http://bugs.php.net/bug.php?id=43053 - - $memory_limit = number_format(ceil(filesize($file) + $memory_limit), 0, '.', ''); - + $memory_limit = (int) ceil(filesize($file) + $memory_limit); ini_set('memory_limit', $memory_limit); // When an integer is used, the value is measured in bytes. - PHP.net } @@ -1207,28 +1201,21 @@ class CI_Upload { // We'll need this to validate the MIME info string (e.g. text/plain; charset=us-ascii) $regexp = '/^([a-z\-]+\/[a-z0-9\-\.\+]+)(;\s.+)?$/'; - /* Fileinfo extension - most reliable method - * - * Unfortunately, prior to PHP 5.3 - it's only available as a PECL extension and the - * more convenient FILEINFO_MIME_TYPE flag doesn't exist. - */ - if (function_exists('finfo_file')) + // Fileinfo extension - most reliable method + $finfo = @finfo_open(FILEINFO_MIME); + if (is_resource($finfo)) // It is possible that a FALSE value is returned, if there is no magic MIME database file found on the system { - $finfo = @finfo_open(FILEINFO_MIME); - if (is_resource($finfo)) // It is possible that a FALSE value is returned, if there is no magic MIME database file found on the system + $mime = @finfo_file($finfo, $file['tmp_name']); + finfo_close($finfo); + + /* According to the comments section of the PHP manual page, + * it is possible that this function returns an empty string + * for some files (e.g. if they don't exist in the magic MIME database) + */ + if (is_string($mime) && preg_match($regexp, $mime, $matches)) { - $mime = @finfo_file($finfo, $file['tmp_name']); - finfo_close($finfo); - - /* According to the comments section of the PHP manual page, - * it is possible that this function returns an empty string - * for some files (e.g. if they don't exist in the magic MIME database) - */ - if (is_string($mime) && preg_match($regexp, $mime, $matches)) - { - $this->file_type = $matches[1]; - return; - } + $this->file_type = $matches[1]; + return; } } -- cgit v1.2.3-24-g4f1b From 549a601bac3b1467168e0bb7b5642ba7fc59c35e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 22 Aug 2016 13:18:36 +0300 Subject: Fix CI_Upload errors on PHP 7.1 --- system/libraries/Upload.php | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index a8cf75264..23fd02ead 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1083,10 +1083,27 @@ class CI_Upload { return FALSE; } - if (memory_get_usage() && ($memory_limit = ini_get('memory_limit'))) + if (memory_get_usage() && ($memory_limit = ini_get('memory_limit')) > 0) { - $memory_limit *= 1024 * 1024; - $memory_limit = (int) ceil(filesize($file) + $memory_limit); + $memory_limit = str_split($memory_limit, strspn($memory_limit, '1234567890')); + if ( ! empty($memory_limit[1])) + { + switch ($memory_limit[1][0]) + { + case 'g': + case 'G': + $memory_limit[0] *= 1024 * 1024 * 1024; + break; + case 'm': + case 'M': + $memory_limit[0] *= 1024 * 1024; + break; + default: + break; + } + } + + $memory_limit = (int) ceil(filesize($file) + $memory_limit[0]); ini_set('memory_limit', $memory_limit); // When an integer is used, the value is measured in bytes. - PHP.net } -- cgit v1.2.3-24-g4f1b From 7cc08237c2a15daf283e2bc61501bdc086740311 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 31 Oct 2016 16:19:46 +0200 Subject: [ci skip] Fix #4887 --- system/libraries/Upload.php | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 23fd02ead..778ed6892 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -1218,21 +1218,31 @@ class CI_Upload { // We'll need this to validate the MIME info string (e.g. text/plain; charset=us-ascii) $regexp = '/^([a-z\-]+\/[a-z0-9\-\.\+]+)(;\s.+)?$/'; - // Fileinfo extension - most reliable method - $finfo = @finfo_open(FILEINFO_MIME); - if (is_resource($finfo)) // It is possible that a FALSE value is returned, if there is no magic MIME database file found on the system + /** + * Fileinfo extension - most reliable method + * + * Apparently XAMPP, CentOS, cPanel and who knows what + * other PHP distribution channels EXPLICITLY DISABLE + * ext/fileinfo, which is otherwise enabled by default + * since PHP 5.3 ... + */ + if (function_exists('finfo_file')) { - $mime = @finfo_file($finfo, $file['tmp_name']); - finfo_close($finfo); - - /* According to the comments section of the PHP manual page, - * it is possible that this function returns an empty string - * for some files (e.g. if they don't exist in the magic MIME database) - */ - if (is_string($mime) && preg_match($regexp, $mime, $matches)) + $finfo = @finfo_open(FILEINFO_MIME); + if (is_resource($finfo)) // It is possible that a FALSE value is returned, if there is no magic MIME database file found on the system { - $this->file_type = $matches[1]; - return; + $mime = @finfo_file($finfo, $file['tmp_name']); + finfo_close($finfo); + + /* According to the comments section of the PHP manual page, + * it is possible that this function returns an empty string + * for some files (e.g. if they don't exist in the magic MIME database) + */ + if (is_string($mime) && preg_match($regexp, $mime, $matches)) + { + $this->file_type = $matches[1]; + return; + } } } -- cgit v1.2.3-24-g4f1b From da60e9bc66ec90970fbd2dfd08b0a6e66b9f5f5f Mon Sep 17 00:00:00 2001 From: Master Yoda Date: Sat, 31 Dec 2016 08:46:18 -0800 Subject: Update copyright data to 2017 --- system/libraries/Upload.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'system/libraries/Upload.php') diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php index 778ed6892..b37cc2f59 100644 --- a/system/libraries/Upload.php +++ b/system/libraries/Upload.php @@ -6,7 +6,7 @@ * * This content is released under the MIT License (MIT) * - * Copyright (c) 2014 - 2016, British Columbia Institute of Technology + * Copyright (c) 2014 - 2017, British Columbia Institute of Technology * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ * @package CodeIgniter * @author EllisLab Dev Team * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/) - * @copyright Copyright (c) 2014 - 2016, British Columbia Institute of Technology (http://bcit.ca/) + * @copyright Copyright (c) 2014 - 2017, British Columbia Institute of Technology (http://bcit.ca/) * @license http://opensource.org/licenses/MIT MIT License * @link https://codeigniter.com * @since Version 1.0.0 -- cgit v1.2.3-24-g4f1b