Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 23719ab569c9c8d6b791f65d7861daba3895ddcb^! / . / system
commit23719ab569c9c8d6b791f65d7861daba3895ddcb[log] [tgz]
authorHunter Wu <hunter.wu@gmail.com>Thu Aug 01 23:15:13 2013 +0800
committerHunter Wu <hunter.wu@gmail.com>Thu Aug 01 23:15:13 2013 +0800
tree1745d7b15b867b1ec2b67f5310d050bb02af5e95
parentc958eebea2525133bcef9fe47a5dfab9e23128dd [diff]
Add windows filename rule as an option for upload files

diff --git a/system/core/Security.php b/system/core/Security.php
index 196d611..cd1cb1a 100644
--- a/system/core/Security.php
+++ b/system/core/Security.php

@@ -115,6 +115,36 @@
 	);
 
 	/**
+	 * List of bad chars for sanitize filename
+	 *
+	 * @var	array
+	 */
+	private $_filename_bad_str_rules = array(
+		'default' => array(
+			'../', '<!--', '-->', '<', '>',
+			"'", '"', '&', '$', '#',
+			'{', '}', '[', ']', '=',
+			';', '?', '%20', '%22',
+			'%3c',		// <
+			'%253c',	// <
+			'%3e',		// >
+			'%0e',		// >
+			'%28',		// (
+			'%29',		// )
+			'%2528',	// (
+			'%26',		// &
+			'%24',		// $
+			'%3f',		// ?
+			'%3b',		// ;
+			'%3d'		// =
+		),
+		'windows' => array(
+			'\\', '/', ':', '*', '?',
+			'"', '<', '>', '|',
+		),
+	);
+
+	/**
 	 * Class constructor
 	 *
 	 * @return	void
@@ -547,26 +577,9 @@
 	 * @param 	bool	$relative_path	Whether to preserve paths
 	 * @return	string
 	 */
-	public function sanitize_filename($str, $relative_path = FALSE)
+	public function sanitize_filename($str, $relative_path = FALSE, $rule = 'default')
 	{
-		$bad = array(
-			'../', '<!--', '-->', '<', '>',
-			"'", '"', '&', '$', '#',
-			'{', '}', '[', ']', '=',
-			';', '?', '%20', '%22',
-			'%3c',		// <
-			'%253c',	// <
-			'%3e',		// >
-			'%0e',		// >
-			'%28',		// (
-			'%29',		// )
-			'%2528',	// (
-			'%26',		// &
-			'%24',		// $
-			'%3f',		// ?
-			'%3b',		// ;
-			'%3d'		// =
-		);
+		$bad = $this->_filename_bad_str_rules[$rule];
 
 		if ( ! $relative_path)
 		{

diff --git a/system/libraries/Upload.php b/system/libraries/Upload.php
index 8542804..62eca6f 100644
--- a/system/libraries/Upload.php
+++ b/system/libraries/Upload.php

@@ -143,6 +143,13 @@
 	public $file_ext_tolower		= FALSE;
 
 	/**
+	 * Filename Rule
+	 *
+	 * @var	string
+	 */
+	public $filename_rule		= 'default';
+
+	/**
 	 * Upload path
 	 *
 	 * @var	string
@@ -315,7 +322,8 @@
 					'detect_mime'			=> TRUE,
 					'xss_clean'			=> FALSE,
 					'temp_prefix'			=> 'temp_file_',
-					'client_name'			=> ''
+					'client_name'			=> '',
+					'filename_rule'			=> 'default',
 				);
 
 		foreach ($defaults as $key => $val)
@@ -472,7 +480,7 @@
 
 		// Sanitize the file name for security
 		$CI =& get_instance();
-		$this->file_name = $CI->security->sanitize_filename($this->file_name);
+		$this->file_name = $CI->security->sanitize_filename($this->file_name, FALSE, $this->filename_rule);
 
 		// Truncate the file name if it's too long
 		if ($this->max_filename > 0)