aboutsummaryrefslogtreecommitdiff
path: root/src/phorkie/Repository/Post.php
diff options
context:
space:
mode:
authorChristian Weiske <cweiske@cweiske.de>2012-04-17 19:51:12 +0200
committerChristian Weiske <cweiske@cweiske.de>2012-04-17 19:51:12 +0200
commit7290b224b0ddeb369349d61f928190b96b6013b1 (patch)
treefcccee87f678e6c5aad1f4bf8a7656462ce0a68d /src/phorkie/Repository/Post.php
parent8406133d01bfc5fc6c5ed95735e45d7a4adfbb41 (diff)
downloadphorkie-7290b224b0ddeb369349d61f928190b96b6013b1.tar.gz
phorkie-7290b224b0ddeb369349d61f928190b96b6013b1.zip
move filename sanitation to tools
Diffstat (limited to 'src/phorkie/Repository/Post.php')
-rw-r--r--src/phorkie/Repository/Post.php28
1 files changed, 3 insertions, 25 deletions
diff --git a/src/phorkie/Repository/Post.php b/src/phorkie/Repository/Post.php
index 96e5c11..fa356ee 100644
--- a/src/phorkie/Repository/Post.php
+++ b/src/phorkie/Repository/Post.php
@@ -39,12 +39,12 @@ class Repository_Post
continue;
}
- $orignalName = $this->sanitizeFilename($arFile['original_name']);
- $name = $this->sanitizeFilename($arFile['name']);
+ $orignalName = Tools::sanitizeFilename($arFile['original_name']);
+ $name = Tools::sanitizeFilename($arFile['name']);
if ($name == '') {
if ($bUpload) {
- $name = $this->sanitizeFilename($_FILES['files']['name'][$num]['upload']);
+ $name = Tools::sanitizeFilename($_FILES['files']['name'][$num]['upload']);
} else {
$name = $this->getNextNumberedFile('phork')
. '.' . $arFile['type'];
@@ -145,28 +145,6 @@ class Repository_Post
return $prefix . $num;
}
-
- /**
- * Removes malicious parts from a file name
- *
- * @param string $file File name from the user
- *
- * @return string Fixed and probably secure filename
- */
- public function sanitizeFilename($file)
- {
- $file = trim($file);
- $file = str_replace(array('\\', '//'), '/', $file);
- $file = str_replace('/../', '/', $file);
- if (substr($file, 0, 3) == '../') {
- $file = substr($file, 3);
- }
- if (substr($file, 0, 1) == '../') {
- $file = substr($file, 1);
- }
-
- return $file;
- }
}
?>