+ /**
+ * Removes malicious parts from a file name
+ *
+ * @param string $file File name from the user
+ *
+ * @return string Fixed and probably secure filename
+ */
+ public static function sanitizeFilename($file)
+ {
+ $file = trim($file);
+ $file = str_replace(array('\\', '//'), '/', $file);
+ $file = str_replace('/../', '/', $file);
+ if (substr($file, 0, 3) == '../') {
+ $file = substr($file, 3);
+ }
+ if (substr($file, 0, 1) == '../') {
+ $file = substr($file, 1);
+ }
+
+ return $file;
+ }
+
+
+ public static function detectBaseUrl()
+ {
+ if (!isset($_SERVER['REQUEST_URI'])
+ || !isset($_SERVER['SCRIPT_NAME'])
+ ) {
+ return '/';
+ }
+
+ $scriptName = $_SERVER['SCRIPT_NAME'];
+ $requestUri = $_SERVER['REQUEST_URI'];
+ if (substr($scriptName, -4) != '.php') {
+ //a phar
+ return $scriptName . '/';
+ }
+
+ if (substr($requestUri, -4) != '.php') {
+ $requestUri .= '.php';
+ }
+ $snl = strlen($scriptName);
+ if (substr($requestUri, -$snl) == $scriptName) {
+ return substr($requestUri, 0, -$snl) . '/';
+ }
+
+ return '/';
+ }
+}
+?>