X-Git-Url: https://git.cweiske.de/phorkie.git/blobdiff_plain/992170d966b238ce17504f1c347a501d46d50082..35764754559c893569625c115707eb3bf73d1cfd:/src/phorkie/Tools.php
diff --git a/src/phorkie/Tools.php b/src/phorkie/Tools.php
index d9b7637..843b2df 100644
--- a/src/phorkie/Tools.php
+++ b/src/phorkie/Tools.php
@@ -37,6 +37,29 @@ class Tools
 }
 return $prot . '://' . $_SERVER['HTTP_HOST'] . $path;
 }
+
+ /**
+ * Removes malicious parts from a file name
+ *
+ * @param string $file File name from the user
+ *
+ * @return string Fixed and probably secure filename
+ */
+ public static function sanitizeFilename($file)
+ {
+ $file = trim($file);
+ $file = str_replace(array('\\', '//'), '/', $file);
+ $file = str_replace('/../', '/', $file);
+ if (substr($file, 0, 3) == '../') {
+ $file = substr($file, 3);
+ }
+ if (substr($file, 0, 1) == '../') {
+ $file = substr($file, 1);
+ }
+
+ return $file;
+ }
+
 }
 
 ?>
\ No newline at end of file
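Review bot: The second prefix check in `sanitizeFilename()`, `substr($file, 0, 1) == '../'`, compares a one-character string with a three-character one and can never be true, so a leading `/` (presumably what it was meant to strip) is kept in the result. The `str_replace('/../', '/', $file)` call and the `../` prefix check each run only once, so repeated or adjacent parent-directory segments, a trailing `/..` and a bare `..` are left in the returned name. Filtering path segments instead of patching substrings removes all of these in one pass, as sketched below. The caller should presumably still verify that the final path lies inside the repository directory before touching the file system.

```php
public static function sanitizeFilename($file)
{
    $file  = str_replace('\\', '/', trim($file));
    $parts = array();
    foreach (explode('/', $file) as $part) {
        // drop empty, current-directory and parent-directory segments
        if ($part === '' || $part === '.' || $part === '..') {
            continue;
        }
        $parts[] = $part;
    }

    return implode('/', $parts);
}
```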