Gitiles
Code Review Sign In
www.giggi.me / code-igniter-v3-giggi / 6945097110d174950b13d3d8407f8c0282a178af / . / system / libraries / Upload.php
blob: 4a615352ea7c959f5c0499c229ae5c4d87b46ea8 [file] [log] [blame]
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]1<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]2/**
3 * CodeIgniter
4 *
5 * An open source application development framework for PHP 4.3.2 or newer
6 *
7 * @package CodeIgniter
Derek Allard3d879d52008-01-18 19:41:32 +0000[diff] [blame]8 * @author ExpressionEngine Dev Team
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]9 * @copyright Copyright (c) 2006, EllisLab, Inc.
Derek Jones7a9193a2008-01-21 18:39:20 +0000[diff] [blame]10 * @license http://codeigniter.com/user_guide/license.html
11 * @link http://codeigniter.com
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]12 * @since Version 1.0
13 * @filesource
14 */
15
16// ------------------------------------------------------------------------
17
18/**
19 * File Uploading Class
20 *
21 * @package CodeIgniter
22 * @subpackage Libraries
23 * @category Uploads
Derek Allard3d879d52008-01-18 19:41:32 +0000[diff] [blame]24 * @author ExpressionEngine Dev Team
Derek Jones7a9193a2008-01-21 18:39:20 +0000[diff] [blame]25 * @link http://codeigniter.com/user_guide/libraries/file_uploading.html
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]26 */
27class CI_Upload {
28
29 var $max_size = 0;
30 var $max_width = 0;
31 var $max_height = 0;
32 var $allowed_types = "";
33 var $file_temp = "";
34 var $file_name = "";
35 var $orig_name = "";
36 var $file_type = "";
37 var $file_size = "";
38 var $file_ext = "";
39 var $upload_path = "";
40 var $overwrite = FALSE;
41 var $encrypt_name = FALSE;
42 var $is_image = FALSE;
43 var $image_width = '';
44 var $image_height = '';
45 var $image_type = '';
46 var $image_size_str = '';
47 var $error_msg = array();
48 var $mimes = array();
49 var $remove_spaces = TRUE;
50 var $xss_clean = FALSE;
51 var $temp_prefix = "temp_file_";
52
53 /**
54 * Constructor
55 *
56 * @access public
57 */
58 function CI_Upload($props = array())
59 {
60 if (count($props) > 0)
61 {
62 $this->initialize($props);
63 }
64
65 log_message('debug', "Upload Class Initialized");
66 }
67
68 // --------------------------------------------------------------------
69
70 /**
71 * Initialize preferences
72 *
73 * @access public
74 * @param array
75 * @return void
76 */
77 function initialize($config = array())
78 {
79 $defaults = array(
80 'max_size' => 0,
81 'max_width' => 0,
82 'max_height' => 0,
83 'allowed_types' => "",
84 'file_temp' => "",
85 'file_name' => "",
86 'orig_name' => "",
87 'file_type' => "",
88 'file_size' => "",
89 'file_ext' => "",
90 'upload_path' => "",
91 'overwrite' => FALSE,
92 'encrypt_name' => FALSE,
93 'is_image' => FALSE,
94 'image_width' => '',
95 'image_height' => '',
96 'image_type' => '',
97 'image_size_str' => '',
98 'error_msg' => array(),
99 'mimes' => array(),
100 'remove_spaces' => TRUE,
101 'xss_clean' => FALSE,
102 'temp_prefix' => "temp_file_"
103 );
104
105
106 foreach ($defaults as $key => $val)
107 {
108 if (isset($config[$key]))
109 {
110 $method = 'set_'.$key;
111 if (method_exists($this, $method))
112 {
113 $this->$method($config[$key]);
114 }
115 else
116 {
117 $this->$key = $config[$key];
118 }
119 }
120 else
121 {
122 $this->$key = $val;
123 }
124 }
125 }
126
127 // --------------------------------------------------------------------
128
129 /**
130 * Perform the file upload
131 *
132 * @access public
133 * @return bool
134 */
135 function do_upload($field = 'userfile')
136 {
137 // Is $_FILES[$field] set? If not, no reason to continue.
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]138 if ( ! isset($_FILES[$field]))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]139 {
Derek Allard9ece7432008-01-29 01:15:19 +0000[diff] [blame]140 $this->set_error('upload_no_file_selected');
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]141 return FALSE;
142 }
143
144 // Is the upload path valid?
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]145 if ( ! $this->validate_upload_path())
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]146 {
Derek Jones8e946462008-05-08 19:55:35 +0000[diff] [blame]147 // errors will already be set by validate_upload_path() so just return FALSE
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]148 return FALSE;
149 }
150
151 // Was the file able to be uploaded? If not, determine the reason why.
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]152 if ( ! is_uploaded_file($_FILES[$field]['tmp_name']))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]153 {
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]154 $error = ( ! isset($_FILES[$field]['error'])) ? 4 : $_FILES[$field]['error'];
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]155
156 switch($error)
157 {
Derek Jonesc4c0ac42008-01-18 20:45:28 +0000[diff] [blame]158 case 1: // UPLOAD_ERR_INI_SIZE
159 $this->set_error('upload_file_exceeds_limit');
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]160 break;
Derek Jonesc4c0ac42008-01-18 20:45:28 +0000[diff] [blame]161 case 2: // UPLOAD_ERR_FORM_SIZE
162 $this->set_error('upload_file_exceeds_form_limit');
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]163 break;
Derek Jonesc4c0ac42008-01-18 20:45:28 +0000[diff] [blame]164 case 3: // UPLOAD_ERR_PARTIAL
165 $this->set_error('upload_file_partial');
166 break;
167 case 4: // UPLOAD_ERR_NO_FILE
168 $this->set_error('upload_no_file_selected');
169 break;
170 case 6: // UPLOAD_ERR_NO_TMP_DIR
171 $this->set_error('upload_no_temp_directory');
172 break;
173 case 7: // UPLOAD_ERR_CANT_WRITE
174 $this->set_error('upload_unable_to_write_file');
175 break;
176 case 8: // UPLOAD_ERR_EXTENSION
177 $this->set_error('upload_stopped_by_extension');
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]178 break;
179 default : $this->set_error('upload_no_file_selected');
180 break;
181 }
182
183 return FALSE;
184 }
185
186 // Set the uploaded data as class variables
187 $this->file_temp = $_FILES[$field]['tmp_name'];
Derek Jones6ef8b692008-03-17 19:09:12 +0000[diff] [blame]188 $this->file_name = $this->_prep_filename($_FILES[$field]['name']);
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]189 $this->file_size = $_FILES[$field]['size'];
190 $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
191 $this->file_type = strtolower($this->file_type);
192 $this->file_ext = $this->get_extension($_FILES[$field]['name']);
193
194 // Convert the file size to kilobytes
195 if ($this->file_size > 0)
196 {
197 $this->file_size = round($this->file_size/1024, 2);
198 }
199
200 // Is the file type allowed to be uploaded?
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]201 if ( ! $this->is_allowed_filetype())
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]202 {
203 $this->set_error('upload_invalid_filetype');
204 return FALSE;
205 }
206
207 // Is the file size within the allowed maximum?
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]208 if ( ! $this->is_allowed_filesize())
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]209 {
210 $this->set_error('upload_invalid_filesize');
211 return FALSE;
212 }
213
214 // Are the image dimensions within the allowed size?
215 // Note: This can fail if the server has an open_basdir restriction.
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]216 if ( ! $this->is_allowed_dimensions())
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]217 {
218 $this->set_error('upload_invalid_dimensions');
219 return FALSE;
220 }
221
222 // Sanitize the file name for security
223 $this->file_name = $this->clean_file_name($this->file_name);
224
225 // Remove white spaces in the name
226 if ($this->remove_spaces == TRUE)
227 {
228 $this->file_name = preg_replace("/\s+/", "_", $this->file_name);
229 }
230
231 /*
232 * Validate the file name
233 * This function appends an number onto the end of
234 * the file if one with the same name already exists.
235 * If it returns false there was a problem.
236 */
237 $this->orig_name = $this->file_name;
238
239 if ($this->overwrite == FALSE)
240 {
241 $this->file_name = $this->set_filename($this->upload_path, $this->file_name);
242
243 if ($this->file_name === FALSE)
244 {
245 return FALSE;
246 }
247 }
248
249 /*
250 * Move the file to the final destination
251 * To deal with different server configurations
252 * we'll attempt to use copy() first. If that fails
253 * we'll use move_uploaded_file(). One of the two should
254 * reliably work in most environments
255 */
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]256 if ( ! @copy($this->file_temp, $this->upload_path.$this->file_name))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]257 {
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]258 if ( ! @move_uploaded_file($this->file_temp, $this->upload_path.$this->file_name))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]259 {
260 $this->set_error('upload_destination_error');
261 return FALSE;
262 }
263 }
264
265 /*
266 * Run the file through the XSS hacking filter
267 * This helps prevent malicious code from being
268 * embedded within a file. Scripts can easily
269 * be disguised as images or other file types.
270 */
271 if ($this->xss_clean == TRUE)
272 {
273 $this->do_xss_clean();
274 }
275
276 /*
277 * Set the finalized image dimensions
278 * This sets the image width/height (assuming the
279 * file was an image). We use this information
280 * in the "data" function.
281 */
282 $this->set_image_properties($this->upload_path.$this->file_name);
283
284 return TRUE;
285 }
286
287 // --------------------------------------------------------------------
288
289 /**
290 * Finalized Data Array
291 *
292 * Returns an associative array containing all of the information
293 * related to the upload, allowing the developer easy access in one array.
294 *
295 * @access public
296 * @return array
297 */
298 function data()
299 {
300 return array (
301 'file_name' => $this->file_name,
302 'file_type' => $this->file_type,
303 'file_path' => $this->upload_path,
304 'full_path' => $this->upload_path.$this->file_name,
305 'raw_name' => str_replace($this->file_ext, '', $this->file_name),
306 'orig_name' => $this->orig_name,
307 'file_ext' => $this->file_ext,
308 'file_size' => $this->file_size,
309 'is_image' => $this->is_image(),
310 'image_width' => $this->image_width,
311 'image_height' => $this->image_height,
312 'image_type' => $this->image_type,
313 'image_size_str' => $this->image_size_str,
314 );
315 }
316
317 // --------------------------------------------------------------------
318
319 /**
320 * Set Upload Path
321 *
322 * @access public
323 * @param string
324 * @return void
325 */
326 function set_upload_path($path)
327 {
328 $this->upload_path = $path;
329 }
330
331 // --------------------------------------------------------------------
332
333 /**
334 * Set the file name
335 *
336 * This function takes a filename/path as input and looks for the
337 * existence of a file with the same name. If found, it will append a
338 * number to the end of the filename to avoid overwriting a pre-existing file.
339 *
340 * @access public
341 * @param string
342 * @param string
343 * @return string
344 */
345 function set_filename($path, $filename)
346 {
347 if ($this->encrypt_name == TRUE)
348 {
349 mt_srand();
350 $filename = md5(uniqid(mt_rand())).$this->file_ext;
351 }
352
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]353 if ( ! file_exists($path.$filename))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]354 {
355 return $filename;
356 }
357
358 $filename = str_replace($this->file_ext, '', $filename);
359
360 $new_filename = '';
361 for ($i = 1; $i < 100; $i++)
362 {
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]363 if ( ! file_exists($path.$filename.$i.$this->file_ext))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]364 {
365 $new_filename = $filename.$i.$this->file_ext;
366 break;
367 }
368 }
369
370 if ($new_filename == '')
371 {
372 $this->set_error('upload_bad_filename');
373 return FALSE;
374 }
375 else
376 {
377 return $new_filename;
378 }
379 }
380
381 // --------------------------------------------------------------------
382
383 /**
384 * Set Maximum File Size
385 *
386 * @access public
387 * @param integer
388 * @return void
389 */
390 function set_max_filesize($n)
391 {
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]392 $this->max_size = ( ! eregi("^[[:digit:]]+$", $n)) ? 0 : $n;
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]393 }
394
395 // --------------------------------------------------------------------
396
397 /**
398 * Set Maximum Image Width
399 *
400 * @access public
401 * @param integer
402 * @return void
403 */
404 function set_max_width($n)
405 {
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]406 $this->max_width = ( ! eregi("^[[:digit:]]+$", $n)) ? 0 : $n;
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]407 }
408
409 // --------------------------------------------------------------------
410
411 /**
412 * Set Maximum Image Height
413 *
414 * @access public
415 * @param integer
416 * @return void
417 */
418 function set_max_height($n)
419 {
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]420 $this->max_height = ( ! eregi("^[[:digit:]]+$", $n)) ? 0 : $n;
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]421 }
422
423 // --------------------------------------------------------------------
424
425 /**
426 * Set Allowed File Types
427 *
428 * @access public
429 * @param string
430 * @return void
431 */
432 function set_allowed_types($types)
433 {
434 $this->allowed_types = explode('|', $types);
435 }
436
437 // --------------------------------------------------------------------
438
439 /**
440 * Set Image Properties
441 *
442 * Uses GD to determine the width/height/type of image
443 *
444 * @access public
445 * @param string
446 * @return void
447 */
448 function set_image_properties($path = '')
449 {
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]450 if ( ! $this->is_image())
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]451 {
452 return;
453 }
454
455 if (function_exists('getimagesize'))
456 {
457 if (FALSE !== ($D = @getimagesize($path)))
458 {
459 $types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png');
460
461 $this->image_width = $D['0'];
462 $this->image_height = $D['1'];
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]463 $this->image_type = ( ! isset($types[$D['2']])) ? 'unknown' : $types[$D['2']];
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]464 $this->image_size_str = $D['3']; // string containing height and width
465 }
466 }
467 }
468
469 // --------------------------------------------------------------------
470
471 /**
472 * Set XSS Clean
473 *
474 * Enables the XSS flag so that the file that was uploaded
475 * will be run through the XSS filter.
476 *
477 * @access public
478 * @param bool
479 * @return void
480 */
481 function set_xss_clean($flag = FALSE)
482 {
483 $this->xss_clean = ($flag == TRUE) ? TRUE : FALSE;
484 }
485
486 // --------------------------------------------------------------------
487
488 /**
489 * Validate the image
490 *
491 * @access public
492 * @return bool
493 */
494 function is_image()
495 {
paulburdick2f35c4b2007-06-24 20:29:09 +0000[diff] [blame]496 // IE will sometimes return odd mime-types during upload, so here we just standardize all
497 // jpegs or pngs to the same file type.
498
499 $png_mimes = array('image/x-png');
500 $jpeg_mimes = array('image/jpg', 'image/jpe', 'image/jpeg', 'image/pjpeg');
501
502 if (in_array($this->file_type, $png_mimes))
503 {
504 $this->file_type = 'image/png';
505 }
506
507 if (in_array($this->file_type, $jpeg_mimes))
508 {
509 $this->file_type = 'image/jpeg';
510 }
511
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]512 $img_mimes = array(
513 'image/gif',
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]514 'image/jpeg',
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]515 'image/png',
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]516 );
517
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]518 return (in_array($this->file_type, $img_mimes, TRUE)) ? TRUE : FALSE;
519 }
520
521 // --------------------------------------------------------------------
522
523 /**
524 * Verify that the filetype is allowed
525 *
526 * @access public
527 * @return bool
528 */
529 function is_allowed_filetype()
530 {
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]531 if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]532 {
533 $this->set_error('upload_no_file_types');
534 return FALSE;
535 }
536
537 foreach ($this->allowed_types as $val)
538 {
539 $mime = $this->mimes_types(strtolower($val));
540
541 if (is_array($mime))
542 {
543 if (in_array($this->file_type, $mime, TRUE))
544 {
545 return TRUE;
546 }
547 }
548 else
549 {
550 if ($mime == $this->file_type)
551 {
552 return TRUE;
553 }
554 }
555 }
556
557 return FALSE;
558 }
559
560 // --------------------------------------------------------------------
561
562 /**
563 * Verify that the file is within the allowed size
564 *
565 * @access public
566 * @return bool
567 */
568 function is_allowed_filesize()
569 {
570 if ($this->max_size != 0 AND $this->file_size > $this->max_size)
571 {
572 return FALSE;
573 }
574 else
575 {
576 return TRUE;
577 }
578 }
579
580 // --------------------------------------------------------------------
581
582 /**
583 * Verify that the image is within the allowed width/height
584 *
585 * @access public
586 * @return bool
587 */
588 function is_allowed_dimensions()
589 {
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]590 if ( ! $this->is_image())
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]591 {
592 return TRUE;
593 }
594
595 if (function_exists('getimagesize'))
596 {
597 $D = @getimagesize($this->file_temp);
598
599 if ($this->max_width > 0 AND $D['0'] > $this->max_width)
600 {
601 return FALSE;
602 }
603
604 if ($this->max_height > 0 AND $D['1'] > $this->max_height)
605 {
606 return FALSE;
607 }
608
609 return TRUE;
610 }
611
612 return TRUE;
613 }
614
615 // --------------------------------------------------------------------
616
617 /**
618 * Validate Upload Path
619 *
620 * Verifies that it is a valid upload path with proper permissions.
621 *
622 *
623 * @access public
624 * @return bool
625 */
626 function validate_upload_path()
627 {
628 if ($this->upload_path == '')
629 {
630 $this->set_error('upload_no_filepath');
631 return FALSE;
632 }
633
634 if (function_exists('realpath') AND @realpath($this->upload_path) !== FALSE)
635 {
636 $this->upload_path = str_replace("\\", "/", realpath($this->upload_path));
637 }
638
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]639 if ( ! @is_dir($this->upload_path))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]640 {
641 $this->set_error('upload_no_filepath');
642 return FALSE;
643 }
644
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]645 if ( ! is_really_writable($this->upload_path))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]646 {
647 $this->set_error('upload_not_writable');
648 return FALSE;
649 }
650
651 $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path);
652 return TRUE;
653 }
654
655 // --------------------------------------------------------------------
656
657 /**
658 * Extract the file extension
659 *
660 * @access public
661 * @param string
662 * @return string
663 */
664 function get_extension($filename)
665 {
666 $x = explode('.', $filename);
667 return '.'.end($x);
668 }
669
670 // --------------------------------------------------------------------
671
672 /**
673 * Clean the file name for security
674 *
675 * @access public
676 * @param string
677 * @return string
678 */
679 function clean_file_name($filename)
680 {
681 $bad = array(
682 "<!--",
683 "-->",
684 "'",
685 "<",
686 ">",
687 '"',
688 '&',
689 '$',
690 '=',
691 ';',
692 '?',
693 '/',
694 "%20",
695 "%22",
696 "%3c", // <
697 "%253c", // <
698 "%3e", // >
699 "%0e", // >
700 "%28", // (
701 "%29", // )
702 "%2528", // (
703 "%26", // &
704 "%24", // $
705 "%3f", // ?
706 "%3b", // ;
707 "%3d" // =
708 );
709
Derek Jonesefb5a0d2008-07-13 21:31:56 +0000[diff] [blame]710 $filename = str_replace($bad, '', $filename);
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]711
Derek Allarda6657432008-01-26 15:26:33 +0000[diff] [blame]712 return stripslashes($filename);
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]713 }
714
715 // --------------------------------------------------------------------
716
717 /**
718 * Runs the file through the XSS clean function
719 *
720 * This prevents people from embedding malicious code in their files.
721 * I'm not sure that it won't negatively affect certain files in unexpected ways,
722 * but so far I haven't found that it causes trouble.
723 *
724 * @access public
725 * @return void
726 */
727 function do_xss_clean()
728 {
729 $file = $this->upload_path.$this->file_name;
730
731 if (filesize($file) == 0)
732 {
733 return FALSE;
734 }
Rick Ellis63966df2007-06-11 04:44:11 +0000[diff] [blame]735
paulburdick3c5e3732007-06-24 20:27:42 +0000[diff] [blame]736 if (($data = @file_get_contents($file)) === FALSE)
Rick Ellis64bbd042007-06-11 04:35:52 +0000[diff] [blame]737 {
738 return FALSE;
739 }
740
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]741 if ( ! $fp = @fopen($file, FOPEN_READ_WRITE))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]742 {
743 return FALSE;
744 }
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]745
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]746 $CI =& get_instance();
747 $data = $CI->input->xss_clean($data);
Rick Ellis64bbd042007-06-11 04:35:52 +0000[diff] [blame]748
749 flock($fp, LOCK_EX);
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]750 fwrite($fp, $data);
751 flock($fp, LOCK_UN);
752 fclose($fp);
753 }
754
755 // --------------------------------------------------------------------
756
757 /**
758 * Set an error message
759 *
760 * @access public
761 * @param string
762 * @return void
763 */
764 function set_error($msg)
765 {
766 $CI =& get_instance();
767 $CI->lang->load('upload');
768
769 if (is_array($msg))
770 {
771 foreach ($msg as $val)
772 {
773 $msg = ($CI->lang->line($val) == FALSE) ? $val : $CI->lang->line($val);
774 $this->error_msg[] = $msg;
775 log_message('error', $msg);
776 }
777 }
778 else
779 {
780 $msg = ($CI->lang->line($msg) == FALSE) ? $msg : $CI->lang->line($msg);
781 $this->error_msg[] = $msg;
782 log_message('error', $msg);
783 }
784 }
785
786 // --------------------------------------------------------------------
787
788 /**
789 * Display the error message
790 *
791 * @access public
792 * @param string
793 * @param string
794 * @return string
795 */
796 function display_errors($open = '<p>', $close = '</p>')
797 {
798 $str = '';
799 foreach ($this->error_msg as $val)
800 {
801 $str .= $open.$val.$close;
802 }
803
804 return $str;
805 }
806
807 // --------------------------------------------------------------------
808
809 /**
810 * List of Mime Types
811 *
812 * This is a list of mime types. We use it to validate
813 * the "allowed types" set by the developer
814 *
815 * @access public
816 * @param string
817 * @return string
818 */
819 function mimes_types($mime)
820 {
Derek Allardd9d379c2008-05-14 21:26:35 +0000[diff] [blame]821 global $mimes;
822
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]823 if (count($this->mimes) == 0)
824 {
Derek Allardd9d379c2008-05-14 21:26:35 +0000[diff] [blame]825 if (@require_once(APPPATH.'config/mimes'.EXT))
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]826 {
827 $this->mimes = $mimes;
828 unset($mimes);
829 }
830 }
831
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]832 return ( ! isset($this->mimes[$mime])) ? FALSE : $this->mimes[$mime];
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]833 }
834
Derek Jones6ef8b692008-03-17 19:09:12 +0000[diff] [blame]835 /**
836 * Prep Filename
837 *
838 * Prevents possible script execution from Apache's handling of files multiple extensions
Derek Allard993925b2008-08-21 12:43:31 +0000[diff] [blame]839 * http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
Derek Jones6ef8b692008-03-17 19:09:12 +0000[diff] [blame]840 *
841 * @access private
842 * @param string
843 * @return string
844 */
845 function _prep_filename($filename)
846 {
847 if (strpos($filename, '.') === FALSE)
848 {
849 return $filename;
850 }
851
852 $parts = explode('.', $filename);
853 $ext = array_pop($parts);
854 $filename = array_shift($parts);
855
856 foreach ($parts as $part)
857 {
858 if ($this->mimes_types(strtolower($part)) === FALSE)
859 {
860 $filename .= '.'.$part.'_';
861 }
862 else
863 {
864 $filename .= '.'.$part;
865 }
866 }
867
868 $filename .= '.'.$ext;
869
870 return $filename;
871 }
872
873 // --------------------------------------------------------------------
874
Derek Allardd2df9bc2007-04-15 17:41:17 +0000[diff] [blame]875}
876// END Upload Class
Derek Jones0b59f272008-05-13 04:22:33 +0000[diff] [blame]877
878/* End of file Upload.php */
Derek Jonesa3ffbbb2008-05-11 18:18:29 +0000[diff] [blame]879/* Location: ./system/libraries/Upload.php */