| author | Christian Weiske <cweiske@cweiske.de> | 2012-04-17 19:51:12 +0200 |
|---|---|---|
| committer | Christian Weiske <cweiske@cweiske.de> | 2012-04-17 19:51:12 +0200 |
| commit | 7290b224b0ddeb369349d61f928190b96b6013b1 (patch) | |
| tree | fcccee87f678e6c5aad1f4bf8a7656462ce0a68d /src/phorkie/Repository/Post.php | |
| parent | 8406133d01bfc5fc6c5ed95735e45d7a4adfbb41 (diff) | |
move filename sanitation to tools
Diffstat (limited to 'src/phorkie/Repository/Post.php')
| -rw-r--r-- | src/phorkie/Repository/Post.php | 28 |
1 files changed, 3 insertions, 25 deletions
diff --git a/src/phorkie/Repository/Post.php b/src/phorkie/Repository/Post.php
index 96e5c11..fa356ee 100644
--- a/src/phorkie/Repository/Post.php
+++ b/src/phorkie/Repository/Post.php
@@ -39,12 +39,12 @@ class Repository_Post
 continue;
 }
- $orignalName = $this->sanitizeFilename($arFile['original_name']);
- $name = $this->sanitizeFilename($arFile['name']);
+ $orignalName = Tools::sanitizeFilename($arFile['original_name']);
+ $name = Tools::sanitizeFilename($arFile['name']);
 if ($name == '') {
 if ($bUpload) {
- $name = $this->sanitizeFilename($_FILES['files']['name'][$num]['upload']);
+ $name = Tools::sanitizeFilename($_FILES['files']['name'][$num]['upload']);
 } else {
 $name = $this->getNextNumberedFile('phork') . '.' . $arFile['type'];
@@ -145,28 +145,6 @@ class Repository_Post
 return $prefix . $num;
 }
-
- /**
- * Removes malicious parts from a file name
- *
- * @param string $file File name from the user
- *
- * @return string Fixed and probably secure filename
- */
- public function sanitizeFilename($file)
- {
- $file = trim($file);
- $file = str_replace(array('\\', '//'), '/', $file);
- $file = str_replace('/../', '/', $file);
- if (substr($file, 0, 3) == '../') {
- $file = substr($file, 3);
- }
- if (substr($file, 0, 1) == '../') {
- $file = substr($file, 1);
- }
-
- return $file;
- }
 }
 ?> |
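Review bot: The three call sites in the first hunk now rely on `Tools::sanitizeFilename()` for names taken from the posted form data and from `$_FILES`, but its body is not part of this diff (the view is limited to Post.php), so what it strips cannot be confirmed here. If it was moved unchanged from the method deleted in the second hunk, it keeps that method's gaps: `substr($file, 0, 1) == '../'` compares a one-character string with a three-character one and can never match, and `str_replace('/../', '/', $file)` makes only a single pass, so the result is not guaranteed to be a relative path free of `..` segments. These names presumably end up as paths inside the repository working directory, so I would add a containment check where the path is built, or, if nested paths are not needed, reduce the value with `$name = basename(Tools::sanitizeFilename($arFile['name']));` and the same for the upload name. The enclosing method starts and ends outside the hunk.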
