customizable top bar
[phorkie.git] / src / phorkie / Repository / Post.php
index 045bba10c3399b7024ce254a7f69ebb0fc70c26b..fa356ee3cb0fcfa5ac266fc2898fa69e52f8d462 100644 (file)
@@ -39,12 +39,12 @@ class Repository_Post
                 continue;
             }
 
-            $orignalName = $this->sanitizeFilename($arFile['original_name']);
-            $name        = $this->sanitizeFilename($arFile['name']);
+            $orignalName = Tools::sanitizeFilename($arFile['original_name']);
+            $name        = Tools::sanitizeFilename($arFile['name']);
 
             if ($name == '') {
                 if ($bUpload) {
-                    $name = $this->sanitizeFilename($_FILES['files']['name'][$num]['upload']);
+                    $name = Tools::sanitizeFilename($_FILES['files']['name'][$num]['upload']);
                 } else {
                     $name = $this->getNextNumberedFile('phork')
                         . '.' . $arFile['type'];
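Review bot: In the fallback branch, `$arFile['type']` is concatenated into `$name` after the sanitizing calls, so if that value comes from the request it reaches the filename unfiltered. Passing the assembled name through the same helper would close that gap: `$name = Tools::sanitizeFilename($this->getNextNumberedFile('phork') . '.' . $arFile['type']);`. The body of `Tools::sanitizeFilename` is not visible here. If it was moved verbatim from the method this commit removes, it is worth confirming that it handles overlapping `/../` sequences, and that its second prefix check, which compares a one-character substring with `'../'`, is doing what was intended. The enclosing method starts and ends outside this hunk.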
@@ -88,14 +88,14 @@ class Repository_Post
                 $bChanged = true;
             } else if ($bUpload) {
                 move_uploaded_file(
-                    $_FILES['files']['tmp_name'][$num]['upload'], $file->getPath()
+                    $_FILES['files']['tmp_name'][$num]['upload'], $file->getFullPath()
                 );
                 $command = $vc->getCommand('add')
                     ->addArgument($file->getFilename())
                     ->execute();
                 $bChanged = true;
             } else if ($bNew || (isset($arFile['content']) && $file->getContent() != $arFile['content'])) {
-                file_put_contents($file->getPath(), $arFile['content']);
+                file_put_contents($file->getFullPath(), $arFile['content']);
                 $command = $vc->getCommand('add')
                     ->addArgument($file->getFilename())
                     ->execute();
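Review bot: Both writes to `$file->getFullPath()` ignore their return value, so a failed `move_uploaded_file()` or `file_put_contents()` still proceeds to the `add` command and sets `$bChanged = true`. I would check the result, e.g. `if (!move_uploaded_file($_FILES['files']['tmp_name'][$num]['upload'], $file->getFullPath())) { throw new \Exception('Could not store uploaded file'); }`, and apply the same pattern with `=== false` to `file_put_contents()`. How `$file` is built from the user-supplied name is outside this hunk. Presumably `getFullPath()` joins the name to the repository work directory, so a check that the resolved path stays inside that directory before writing would be a useful second line of defence behind the filename sanitizer.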
@@ -145,28 +145,6 @@ class Repository_Post
 
         return $prefix . $num;
     }
-
-    /**
-     * Removes malicious parts from a file name
-     *
-     * @param string $file File name from the user
-     *
-     * @return string Fixed and probably secure filename
-     */
-    public function sanitizeFilename($file)
-    {
-        $file = trim($file);
-        $file = str_replace(array('\\', '//'), '/', $file);
-        $file = str_replace('/../', '/', $file);
-        if (substr($file, 0, 3) == '../') {
-            $file = substr($file, 3);
-        }
-        if (substr($file, 0, 1) == '../') {
-            $file = substr($file, 1);
-        }
-
-        return $file;
-    }
 }
 
 ?>