Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 14287f3e81d4d717ff49e640d799c579e593f0c0 / . / system / libraries / Upload.php
blob: c8c42d88598baa3af8ca358a69704b1d400681bc [file] [log] [blame]
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]1<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
2/**
3 * CodeIgniter
4 *
Greg Aker741de1c2010-11-10 14:52:57 -0600[diff] [blame]5 * An open source application development framework for PHP 5.1.6 or newer
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]6 *
7 * @package CodeIgniter
8 * @author ExpressionEngine Dev Team
Greg Aker0711dc82011-01-05 10:49:40 -0600[diff] [blame]9 * @copyright Copyright (c) 2008 - 2011, EllisLab, Inc.
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]10 * @license http://codeigniter.com/user_guide/license.html
11 * @link http://codeigniter.com
12 * @since Version 1.0
13 * @filesource
14 */
15
16// ------------------------------------------------------------------------
17
18/**
19 * File Uploading Class
20 *
21 * @package CodeIgniter
22 * @subpackage Libraries
23 * @category Uploads
24 * @author ExpressionEngine Dev Team
25 * @link http://codeigniter.com/user_guide/libraries/file_uploading.html
26 */
27class CI_Upload {
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]28
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]29 public $max_size = 0;
30 public $max_width = 0;
31 public $max_height = 0;
32 public $max_filename = 0;
33 public $allowed_types = "";
34 public $file_temp = "";
35 public $file_name = "";
36 public $orig_name = "";
37 public $file_type = "";
38 public $file_size = "";
39 public $file_ext = "";
40 public $upload_path = "";
41 public $overwrite = FALSE;
42 public $encrypt_name = FALSE;
43 public $is_image = FALSE;
44 public $image_width = '';
45 public $image_height = '';
46 public $image_type = '';
47 public $image_size_str = '';
48 public $error_msg = array();
49 public $mimes = array();
50 public $remove_spaces = TRUE;
51 public $xss_clean = FALSE;
52 public $temp_prefix = "temp_file_";
53 public $client_name = '';
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]54
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]55 protected $_file_name_override = '';
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]56
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]57 /**
58 * Constructor
59 *
60 * @access public
61 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]62 public function __construct($props = array())
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]63 {
64 if (count($props) > 0)
65 {
66 $this->initialize($props);
67 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]68
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]69 log_message('debug', "Upload Class Initialized");
70 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]71
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]72 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]73
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]74 /**
75 * Initialize preferences
76 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]77 * @param array
78 * @return void
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]79 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]80 public function initialize($config = array())
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]81 {
82 $defaults = array(
83 'max_size' => 0,
84 'max_width' => 0,
85 'max_height' => 0,
86 'max_filename' => 0,
87 'allowed_types' => "",
88 'file_temp' => "",
89 'file_name' => "",
90 'orig_name' => "",
91 'file_type' => "",
92 'file_size' => "",
93 'file_ext' => "",
94 'upload_path' => "",
95 'overwrite' => FALSE,
96 'encrypt_name' => FALSE,
97 'is_image' => FALSE,
98 'image_width' => '',
99 'image_height' => '',
100 'image_type' => '',
101 'image_size_str' => '',
102 'error_msg' => array(),
103 'mimes' => array(),
104 'remove_spaces' => TRUE,
105 'xss_clean' => FALSE,
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]106 'temp_prefix' => "temp_file_",
107 'client_name' => ''
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]108 );
109
110
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]111 foreach ($defaults as $key => $val)
112 {
113 if (isset($config[$key]))
114 {
115 $method = 'set_'.$key;
116 if (method_exists($this, $method))
117 {
118 $this->$method($config[$key]);
119 }
120 else
121 {
122 $this->$key = $config[$key];
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]123 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]124 }
125 else
126 {
127 $this->$key = $val;
128 }
129 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]130
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]131 // if a file_name was provided in the config, use it instead of the user input
132 // supplied file name for all uploads until initialized again
133 $this->_file_name_override = $this->file_name;
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]134 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]135
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]136 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]137
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]138 /**
139 * Perform the file upload
140 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]141 * @return bool
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]142 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]143 public function do_upload($field = 'userfile')
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]144 {
145 // Is $_FILES[$field] set? If not, no reason to continue.
146 if ( ! isset($_FILES[$field]))
147 {
148 $this->set_error('upload_no_file_selected');
149 return FALSE;
150 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]151
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]152 // Is the upload path valid?
153 if ( ! $this->validate_upload_path())
154 {
155 // errors will already be set by validate_upload_path() so just return FALSE
156 return FALSE;
157 }
158
159 // Was the file able to be uploaded? If not, determine the reason why.
160 if ( ! is_uploaded_file($_FILES[$field]['tmp_name']))
161 {
162 $error = ( ! isset($_FILES[$field]['error'])) ? 4 : $_FILES[$field]['error'];
163
164 switch($error)
165 {
166 case 1: // UPLOAD_ERR_INI_SIZE
167 $this->set_error('upload_file_exceeds_limit');
168 break;
169 case 2: // UPLOAD_ERR_FORM_SIZE
170 $this->set_error('upload_file_exceeds_form_limit');
171 break;
172 case 3: // UPLOAD_ERR_PARTIAL
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]173 $this->set_error('upload_file_partial');
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]174 break;
175 case 4: // UPLOAD_ERR_NO_FILE
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]176 $this->set_error('upload_no_file_selected');
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]177 break;
178 case 6: // UPLOAD_ERR_NO_TMP_DIR
179 $this->set_error('upload_no_temp_directory');
180 break;
181 case 7: // UPLOAD_ERR_CANT_WRITE
182 $this->set_error('upload_unable_to_write_file');
183 break;
184 case 8: // UPLOAD_ERR_EXTENSION
185 $this->set_error('upload_stopped_by_extension');
186 break;
187 default : $this->set_error('upload_no_file_selected');
188 break;
189 }
190
191 return FALSE;
192 }
193
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]194
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]195 // Set the uploaded data as class variables
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]196 $this->file_temp = $_FILES[$field]['tmp_name'];
197 $this->file_size = $_FILES[$field]['size'];
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]198 $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
Derek Jones616fb022010-04-22 16:52:18 -0500[diff] [blame]199 $this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]200 $this->file_name = $this->_prep_filename($_FILES[$field]['name']);
201 $this->file_ext = $this->get_extension($this->file_name);
202 $this->client_name = $this->file_name;
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]203
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]204 // Is the file type allowed to be uploaded?
205 if ( ! $this->is_allowed_filetype())
206 {
207 $this->set_error('upload_invalid_filetype');
208 return FALSE;
209 }
210
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]211 // if we're overriding, let's now make sure the new name and type is allowed
212 if ($this->_file_name_override != '')
213 {
214 $this->file_name = $this->_prep_filename($this->_file_name_override);
Phil Sturgeon1e74da22010-12-15 10:45:06 +0000[diff] [blame]215
216 // If no extension was provided in the file_name config item, use the uploaded one
Pascal Kriete14287f32011-02-14 13:39:34 -0500[diff] [blame^]217 if (strpos($this->_file_name_override, '.') === FALSE)
Phil Sturgeon1e74da22010-12-15 10:45:06 +0000[diff] [blame]218 {
219 $this->file_name .= $this->file_ext;
220 }
221
222 // An extension was provided, lets have it!
223 else
224 {
225 $this->file_ext = $this->get_extension($this->_file_name_override);
226 }
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]227
228 if ( ! $this->is_allowed_filetype(TRUE))
229 {
230 $this->set_error('upload_invalid_filetype');
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]231 return FALSE;
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]232 }
233 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]234
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]235 // Convert the file size to kilobytes
236 if ($this->file_size > 0)
237 {
238 $this->file_size = round($this->file_size/1024, 2);
239 }
240
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]241 // Is the file size within the allowed maximum?
242 if ( ! $this->is_allowed_filesize())
243 {
244 $this->set_error('upload_invalid_filesize');
245 return FALSE;
246 }
247
248 // Are the image dimensions within the allowed size?
249 // Note: This can fail if the server has an open_basdir restriction.
250 if ( ! $this->is_allowed_dimensions())
251 {
252 $this->set_error('upload_invalid_dimensions');
253 return FALSE;
254 }
255
256 // Sanitize the file name for security
257 $this->file_name = $this->clean_file_name($this->file_name);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]258
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]259 // Truncate the file name if it's too long
260 if ($this->max_filename > 0)
261 {
262 $this->file_name = $this->limit_filename_length($this->file_name, $this->max_filename);
263 }
264
265 // Remove white spaces in the name
266 if ($this->remove_spaces == TRUE)
267 {
268 $this->file_name = preg_replace("/\s+/", "_", $this->file_name);
269 }
270
271 /*
272 * Validate the file name
273 * This function appends an number onto the end of
274 * the file if one with the same name already exists.
275 * If it returns false there was a problem.
276 */
277 $this->orig_name = $this->file_name;
278
279 if ($this->overwrite == FALSE)
280 {
281 $this->file_name = $this->set_filename($this->upload_path, $this->file_name);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]282
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]283 if ($this->file_name === FALSE)
284 {
285 return FALSE;
286 }
287 }
288
289 /*
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]290 * Run the file through the XSS hacking filter
291 * This helps prevent malicious code from being
292 * embedded within a file. Scripts can easily
293 * be disguised as images or other file types.
294 */
295 if ($this->xss_clean)
296 {
297 if ($this->do_xss_clean() === FALSE)
298 {
299 $this->set_error('upload_unable_to_write_file');
300 return FALSE;
301 }
302 }
303
304 /*
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]305 * Move the file to the final destination
306 * To deal with different server configurations
307 * we'll attempt to use copy() first. If that fails
308 * we'll use move_uploaded_file(). One of the two should
309 * reliably work in most environments
310 */
311 if ( ! @copy($this->file_temp, $this->upload_path.$this->file_name))
312 {
313 if ( ! @move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name))
314 {
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]315 $this->set_error('upload_destination_error');
316 return FALSE;
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]317 }
318 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]319
320 /*
321 * Set the finalized image dimensions
322 * This sets the image width/height (assuming the
323 * file was an image). We use this information
324 * in the "data" function.
325 */
326 $this->set_image_properties($this->upload_path.$this->file_name);
327
328 return TRUE;
329 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]330
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]331 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]332
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]333 /**
334 * Finalized Data Array
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]335 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]336 * Returns an associative array containing all of the information
337 * related to the upload, allowing the developer easy access in one array.
338 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]339 * @return array
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]340 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]341 public function data()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]342 {
343 return array (
344 'file_name' => $this->file_name,
345 'file_type' => $this->file_type,
346 'file_path' => $this->upload_path,
347 'full_path' => $this->upload_path.$this->file_name,
348 'raw_name' => str_replace($this->file_ext, '', $this->file_name),
349 'orig_name' => $this->orig_name,
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]350 'client_name' => $this->client_name,
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]351 'file_ext' => $this->file_ext,
352 'file_size' => $this->file_size,
353 'is_image' => $this->is_image(),
354 'image_width' => $this->image_width,
355 'image_height' => $this->image_height,
356 'image_type' => $this->image_type,
357 'image_size_str' => $this->image_size_str,
358 );
359 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]360
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]361 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]362
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]363 /**
364 * Set Upload Path
365 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]366 * @param string
367 * @return void
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]368 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]369 public function set_upload_path($path)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]370 {
371 // Make sure it has a trailing slash
372 $this->upload_path = rtrim($path, '/').'/';
373 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]374
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]375 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]376
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]377 /**
378 * Set the file name
379 *
380 * This function takes a filename/path as input and looks for the
381 * existence of a file with the same name. If found, it will append a
382 * number to the end of the filename to avoid overwriting a pre-existing file.
383 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]384 * @param string
385 * @param string
386 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]387 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]388 public function set_filename($path, $filename)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]389 {
390 if ($this->encrypt_name == TRUE)
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]391 {
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]392 mt_srand();
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]393 $filename = md5(uniqid(mt_rand())).$this->file_ext;
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]394 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]395
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]396 if ( ! file_exists($path.$filename))
397 {
398 return $filename;
399 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]400
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]401 $filename = str_replace($this->file_ext, '', $filename);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]402
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]403 $new_filename = '';
404 for ($i = 1; $i < 100; $i++)
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]405 {
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]406 if ( ! file_exists($path.$filename.$i.$this->file_ext))
407 {
408 $new_filename = $filename.$i.$this->file_ext;
409 break;
410 }
411 }
412
413 if ($new_filename == '')
414 {
415 $this->set_error('upload_bad_filename');
416 return FALSE;
417 }
418 else
419 {
420 return $new_filename;
421 }
422 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]423
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]424 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]425
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]426 /**
427 * Set Maximum File Size
428 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]429 * @param integer
430 * @return void
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]431 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]432 public function set_max_filesize($n)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]433 {
434 $this->max_size = ((int) $n < 0) ? 0: (int) $n;
435 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]436
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]437 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]438
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]439 /**
440 * Set Maximum File Name Length
441 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]442 * @param integer
443 * @return void
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]444 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]445 public function set_max_filename($n)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]446 {
447 $this->max_filename = ((int) $n < 0) ? 0: (int) $n;
448 }
449
450 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]451
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]452 /**
453 * Set Maximum Image Width
454 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]455 * @param integer
456 * @return void
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]457 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]458 public function set_max_width($n)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]459 {
460 $this->max_width = ((int) $n < 0) ? 0: (int) $n;
461 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]462
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]463 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]464
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]465 /**
466 * Set Maximum Image Height
467 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]468 * @param integer
469 * @return void
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]470 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]471 public function set_max_height($n)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]472 {
473 $this->max_height = ((int) $n < 0) ? 0: (int) $n;
474 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]475
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]476 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]477
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]478 /**
479 * Set Allowed File Types
480 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]481 * @param string
482 * @return void
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]483 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]484 public function set_allowed_types($types)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]485 {
Derek Jonese12f64e2010-03-02 22:55:08 -0600[diff] [blame]486 if ( ! is_array($types) && $types == '*')
487 {
488 $this->allowed_types = '*';
489 return;
490 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]491 $this->allowed_types = explode('|', $types);
492 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]493
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]494 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]495
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]496 /**
497 * Set Image Properties
498 *
499 * Uses GD to determine the width/height/type of image
500 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]501 * @param string
502 * @return void
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]503 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]504 public function set_image_properties($path = '')
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]505 {
506 if ( ! $this->is_image())
507 {
508 return;
509 }
510
511 if (function_exists('getimagesize'))
512 {
513 if (FALSE !== ($D = @getimagesize($path)))
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]514 {
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]515 $types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png');
516
517 $this->image_width = $D['0'];
518 $this->image_height = $D['1'];
519 $this->image_type = ( ! isset($types[$D['2']])) ? 'unknown' : $types[$D['2']];
520 $this->image_size_str = $D['3']; // string containing height and width
521 }
522 }
523 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]524
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]525 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]526
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]527 /**
528 * Set XSS Clean
529 *
530 * Enables the XSS flag so that the file that was uploaded
531 * will be run through the XSS filter.
532 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]533 * @param bool
534 * @return void
535 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]536 public function set_xss_clean($flag = FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]537 {
538 $this->xss_clean = ($flag == TRUE) ? TRUE : FALSE;
539 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]540
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]541 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]542
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]543 /**
544 * Validate the image
545 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]546 * @return bool
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]547 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]548 public function is_image()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]549 {
550 // IE will sometimes return odd mime-types during upload, so here we just standardize all
551 // jpegs or pngs to the same file type.
552
553 $png_mimes = array('image/x-png');
554 $jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg');
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]555
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]556 if (in_array($this->file_type, $png_mimes))
557 {
558 $this->file_type = 'image/png';
559 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]560
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]561 if (in_array($this->file_type, $jpeg_mimes))
562 {
563 $this->file_type = 'image/jpeg';
564 }
565
566 $img_mimes = array(
567 'image/gif',
568 'image/jpeg',
569 'image/png',
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]570 );
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]571
572 return (in_array($this->file_type, $img_mimes, TRUE)) ? TRUE : FALSE;
573 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]574
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]575 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]576
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]577 /**
578 * Verify that the filetype is allowed
579 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]580 * @return bool
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]581 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]582 public function is_allowed_filetype($ignore_mime = FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]583 {
Derek Jonese12f64e2010-03-02 22:55:08 -0600[diff] [blame]584 if ($this->allowed_types == '*')
585 {
586 return TRUE;
587 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]588
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]589 if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types))
590 {
591 $this->set_error('upload_no_file_types');
592 return FALSE;
593 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]594
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]595 $ext = strtolower(ltrim($this->file_ext, '.'));
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]596
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]597 if ( ! in_array($ext, $this->allowed_types))
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]598 {
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]599 return FALSE;
600 }
Derek Jonesafa282f2009-02-10 17:11:52 +0000[diff] [blame]601
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]602 // Images get some additional checks
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]603 $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]604
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]605 if (in_array($ext, $image_types))
606 {
607 if (getimagesize($this->file_temp) === FALSE)
Derek Jonesafa282f2009-02-10 17:11:52 +0000[diff] [blame]608 {
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]609 return FALSE;
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]610 }
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]611 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]612
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]613 if ($ignore_mime === TRUE)
614 {
615 return TRUE;
616 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]617
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]618 $mime = $this->mimes_types($ext);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]619
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]620 if (is_array($mime))
621 {
622 if (in_array($this->file_type, $mime, TRUE))
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]623 {
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]624 return TRUE;
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]625 }
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]626 }
627 elseif ($mime == $this->file_type)
628 {
629 return TRUE;
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]630 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]631
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]632 return FALSE;
633 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]634
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]635 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]636
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]637 /**
638 * Verify that the file is within the allowed size
639 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]640 * @return bool
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]641 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]642 public function is_allowed_filesize()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]643 {
644 if ($this->max_size != 0 AND $this->file_size > $this->max_size)
645 {
646 return FALSE;
647 }
648 else
649 {
650 return TRUE;
651 }
652 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]653
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]654 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]655
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]656 /**
657 * Verify that the image is within the allowed width/height
658 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]659 * @return bool
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]660 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]661 public function is_allowed_dimensions()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]662 {
663 if ( ! $this->is_image())
664 {
665 return TRUE;
666 }
667
668 if (function_exists('getimagesize'))
669 {
670 $D = @getimagesize($this->file_temp);
671
672 if ($this->max_width > 0 AND $D['0'] > $this->max_width)
673 {
674 return FALSE;
675 }
676
677 if ($this->max_height > 0 AND $D['1'] > $this->max_height)
678 {
679 return FALSE;
680 }
681
682 return TRUE;
683 }
684
685 return TRUE;
686 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]687
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]688 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]689
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]690 /**
691 * Validate Upload Path
692 *
693 * Verifies that it is a valid upload path with proper permissions.
694 *
695 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]696 * @return bool
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]697 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]698 public function validate_upload_path()
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]699 {
700 if ($this->upload_path == '')
701 {
702 $this->set_error('upload_no_filepath');
703 return FALSE;
704 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]705
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]706 if (function_exists('realpath') AND @realpath($this->upload_path) !== FALSE)
707 {
708 $this->upload_path = str_replace("\\", "/", realpath($this->upload_path));
709 }
710
711 if ( ! @is_dir($this->upload_path))
712 {
713 $this->set_error('upload_no_filepath');
714 return FALSE;
715 }
716
717 if ( ! is_really_writable($this->upload_path))
718 {
719 $this->set_error('upload_not_writable');
720 return FALSE;
721 }
722
723 $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path);
724 return TRUE;
725 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]726
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]727 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]728
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]729 /**
730 * Extract the file extension
731 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]732 * @param string
733 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]734 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]735 public function get_extension($filename)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]736 {
737 $x = explode('.', $filename);
738 return '.'.end($x);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]739 }
740
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]741 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]742
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]743 /**
744 * Clean the file name for security
745 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]746 * @param string
747 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]748 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]749 public function clean_file_name($filename)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]750 {
751 $bad = array(
752 "<!--",
753 "-->",
754 "'",
755 "<",
756 ">",
757 '"',
758 '&',
759 '$',
760 '=',
761 ';',
762 '?',
763 '/',
764 "%20",
765 "%22",
766 "%3c", // <
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]767 "%253c", // <
768 "%3e", // >
769 "%0e", // >
770 "%28", // (
771 "%29", // )
772 "%2528", // (
773 "%26", // &
774 "%24", // $
775 "%3f", // ?
776 "%3b", // ;
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]777 "%3d" // =
778 );
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]779
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]780 $filename = str_replace($bad, '', $filename);
781
782 return stripslashes($filename);
783 }
784
785 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]786
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]787 /**
788 * Limit the File Name Length
789 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]790 * @param string
791 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]792 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]793 public function limit_filename_length($filename, $length)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]794 {
795 if (strlen($filename) < $length)
796 {
797 return $filename;
798 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]799
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]800 $ext = '';
801 if (strpos($filename, '.') !== FALSE)
802 {
803 $parts = explode('.', $filename);
804 $ext = '.'.array_pop($parts);
805 $filename = implode('.', $parts);
806 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]807
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]808 return substr($filename, 0, ($length - strlen($ext))).$ext;
809 }
810
811 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]812
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]813 /**
814 * Runs the file through the XSS clean function
815 *
816 * This prevents people from embedding malicious code in their files.
817 * I'm not sure that it won't negatively affect certain files in unexpected ways,
818 * but so far I haven't found that it causes trouble.
819 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]820 * @return void
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]821 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]822 public function do_xss_clean()
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]823 {
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]824 $file = $this->file_temp;
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]825
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]826 if (filesize($file) == 0)
827 {
828 return FALSE;
829 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]830
Greg Akerf82e51c2010-04-14 19:33:50 -0500[diff] [blame]831 if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit') != '')
832 {
833 $current = ini_get('memory_limit') * 1024 * 1024;
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]834
Greg Akerc78a2592010-06-09 11:45:32 -0500[diff] [blame]835 // There was a bug/behavioural change in PHP 5.2, where numbers over one million get output
836 // into scientific notation. number_format() ensures this number is an integer
837 // http://bugs.php.net/bug.php?id=43053
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]838
Greg Akerc78a2592010-06-09 11:45:32 -0500[diff] [blame]839 $new_memory = number_format(ceil(filesize($file) + $current), 0, '.', '');
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]840
Greg Akerc78a2592010-06-09 11:45:32 -0500[diff] [blame]841 ini_set('memory_limit', $new_memory); // When an integer is used, the value is measured in bytes. - PHP.net
Greg Akerf82e51c2010-04-14 19:33:50 -0500[diff] [blame]842 }
843
844 // If the file being uploaded is an image, then we should have no problem with XSS attacks (in theory), but
845 // IE can be fooled into mime-type detecting a malformed image as an html file, thus executing an XSS attack on anyone
846 // using IE who looks at the image. It does this by inspecting the first 255 bytes of an image. To get around this
847 // CI will itself look at the first 255 bytes of an image to determine its relative safety. This can save a lot of
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]848 // processor power and time if it is actually a clean image, as it will be in nearly all instances _except_ an
Greg Akerf82e51c2010-04-14 19:33:50 -0500[diff] [blame]849 // attempted XSS attack.
850
851 if (function_exists('getimagesize') && @getimagesize($file) !== FALSE)
852 {
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]853 if (($file = @fopen($file, 'rb')) === FALSE) // "b" to force binary
854 {
Greg Akerf82e51c2010-04-14 19:33:50 -0500[diff] [blame]855 return FALSE; // Couldn't open the file, return FALSE
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]856 }
Greg Akerf82e51c2010-04-14 19:33:50 -0500[diff] [blame]857
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]858 $opening_bytes = fread($file, 256);
859 fclose($file);
Greg Akerf82e51c2010-04-14 19:33:50 -0500[diff] [blame]860
861 // These are known to throw IE into mime-type detection chaos
862 // <a, <body, <head, <html, <img, <plaintext, <pre, <script, <table, <title
863 // title is basically just in SVG, but we filter it anyhow
864
865 if ( ! preg_match('/<(a|body|head|html|img|plaintext|pre|script|table|title)[\s>]/i', $opening_bytes))
866 {
867 return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good
868 }
869 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]870
871 if (($data = @file_get_contents($file)) === FALSE)
872 {
873 return FALSE;
874 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]875
Greg Akerf82e51c2010-04-14 19:33:50 -0500[diff] [blame]876 $CI =& get_instance();
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]877
Derek Jones30841672010-04-26 09:09:21 -0500[diff] [blame]878 if ( ! isset($CI->security))
Derek Jones5640a712010-04-23 11:22:40 -0500[diff] [blame]879 {
Derek Jones247f0292010-04-26 09:10:21 -0500[diff] [blame]880 $CI->load->library('security');
Derek Jones5640a712010-04-23 11:22:40 -0500[diff] [blame]881 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]882
Greg Akerf82e51c2010-04-14 19:33:50 -0500[diff] [blame]883 return $CI->security->xss_clean($data, TRUE);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]884 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]885
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]886 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]887
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]888 /**
889 * Set an error message
890 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]891 * @param string
892 * @return void
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]893 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]894 public function set_error($msg)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]895 {
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]896 $CI =& get_instance();
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]897 $CI->lang->load('upload');
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]898
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]899 if (is_array($msg))
900 {
901 foreach ($msg as $val)
902 {
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]903 $msg = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val);
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]904 $this->error_msg[] = $msg;
905 log_message('error', $msg);
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]906 }
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]907 }
908 else
909 {
910 $msg = ($CI->lang->line($msg) == FALSE) ? $msg : $CI->lang->line($msg);
911 $this->error_msg[] = $msg;
912 log_message('error', $msg);
913 }
914 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]915
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]916 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]917
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]918 /**
919 * Display the error message
920 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]921 * @param string
922 * @param string
923 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]924 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]925 public function display_errors($open = '<p>', $close = '</p>')
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]926 {
927 $str = '';
928 foreach ($this->error_msg as $val)
929 {
930 $str .= $open.$val.$close;
931 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]932
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]933 return $str;
934 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]935
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]936 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]937
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]938 /**
939 * List of Mime Types
940 *
941 * This is a list of mime types. We use it to validate
942 * the "allowed types" set by the developer
943 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]944 * @param string
945 * @return string
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]946 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]947 public function mimes_types($mime)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]948 {
949 global $mimes;
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]950
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]951 if (count($this->mimes) == 0)
952 {
953 if (@require_once(APPPATH.'config/mimes'.EXT))
954 {
955 $this->mimes = $mimes;
956 unset($mimes);
957 }
958 }
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]959
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]960 return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime];
961 }
962
963 // --------------------------------------------------------------------
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]964
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]965 /**
966 * Prep Filename
967 *
968 * Prevents possible script execution from Apache's handling of files multiple extensions
969 * http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
970 *
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]971 * @param string
972 * @return string
973 */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]974 protected function _prep_filename($filename)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]975 {
Greg Aker924000e2010-07-22 11:04:58 -0500[diff] [blame]976 if (strpos($filename, '.') === FALSE OR $this->allowed_types == '*')
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]977 {
978 return $filename;
979 }
Derek Allard616dab82009-02-16 15:44:32 +0000[diff] [blame]980
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]981 $parts = explode('.', $filename);
982 $ext = array_pop($parts);
983 $filename = array_shift($parts);
Derek Allard616dab82009-02-16 15:44:32 +0000[diff] [blame]984
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]985 foreach ($parts as $part)
986 {
Derek Jonese9d723f2010-07-12 10:10:59 -0500[diff] [blame]987 if ( ! in_array(strtolower($part), $this->allowed_types) OR $this->mimes_types(strtolower($part)) === FALSE)
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]988 {
989 $filename .= '.'.$part.'_';
990 }
991 else
992 {
993 $filename .= '.'.$part;
994 }
995 }
Derek Allardd70b0642009-02-16 13:51:42 +0000[diff] [blame]996
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]997 $filename .= '.'.$ext;
Barry Mienydd671972010-10-04 16:33:58 +0200[diff] [blame]998
Derek Allard2067d1a2008-11-13 22:59:24 +0000[diff] [blame]999 return $filename;
1000 }
1001
1002 // --------------------------------------------------------------------
1003
1004}
1005// END Upload Class
1006
1007/* End of file Upload.php */
Greg Aker58fdee82010-11-10 15:07:09 -0600[diff] [blame]1008/* Location: ./system/libraries/Upload.php */