From: Christian Weiske
Date: Tue, 17 Apr 2012 17:51:12 +0000 (+0200)
Subject: move filename sanitation to tools
X-Git-Tag: v0.1.0~18
X-Git-Url: https://git.cweiske.de/phorkie.git/commitdiff_plain/7290b224b0ddeb369349d61f928190b96b6013b1
move filename sanitation to tools
---
diff --git a/src/phorkie/Repository/Post.php b/src/phorkie/Repository/Post.php
index 96e5c11..fa356ee 100644
--- a/src/phorkie/Repository/Post.php
+++ b/src/phorkie/Repository/Post.php
@@ -39,12 +39,12 @@ class Repository_Post
 continue;
 }
- $orignalName = $this->sanitizeFilename($arFile['original_name']);
- $name = $this->sanitizeFilename($arFile['name']);
+ $orignalName = Tools::sanitizeFilename($arFile['original_name']);
+ $name = Tools::sanitizeFilename($arFile['name']);
 if ($name == '') {
 if ($bUpload) {
- $name = $this->sanitizeFilename($_FILES['files']['name'][$num]['upload']);
+ $name = Tools::sanitizeFilename($_FILES['files']['name'][$num]['upload']);
 } else {
 $name = $this->getNextNumberedFile('phork') . '.' . $arFile['type'];
@@ -145,28 +145,6 @@ class Repository_Post
 return $prefix . $num;
 }
-
- /**
- * Removes malicious parts from a file name
- *
- * @param string $file File name from the user
- *
- * @return string Fixed and probably secure filename
- */
- public function sanitizeFilename($file)
- {
- $file = trim($file);
- $file = str_replace(array('\\', '//'), '/', $file);
- $file = str_replace('/../', '/', $file);
- if (substr($file, 0, 3) == '../') {
- $file = substr($file, 3);
- }
- if (substr($file, 0, 1) == '../') {
- $file = substr($file, 1);
- }
-
- return $file;
- }
 }
 ?>
diff --git a/src/phorkie/Tools.php b/src/phorkie/Tools.php
index d9b7637..843b2df 100644
--- a/src/phorkie/Tools.php
+++ b/src/phorkie/Tools.php
@@ -37,6 +37,29 @@ class Tools
 }
 return $prot . '://' . $_SERVER['HTTP_HOST'] . $path;
 }
+
+ /**
+ * Removes malicious parts from a file name
+ *
+ * @param string $file File name from the user
+ *
+ * @return string Fixed and probably secure filename
+ */
+ public static function sanitizeFilename($file)
+ {
+ $file = trim($file);
+ $file = str_replace(array('\\', '//'), '/', $file);
+ $file = str_replace('/../', '/', $file);
+ if (substr($file, 0, 3) == '../') {
+ $file = substr($file, 3);
+ }
+ if (substr($file, 0, 1) == '../') {
+ $file = substr($file, 1);
+ }
+
+ return $file;
+ }
+
 }
 ?>
\ No newline at end of file
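Review bot: The second prefix check in `sanitizeFilename`, `substr($file, 0, 1) == '../'`, compares a one-character string with a three-character one and can never match, so a leading `/` is never stripped and absolute paths pass through; it was presumably meant to be `== '/'`. The single `str_replace('/../', '/', $file)` pass also leaves a `..` segment behind when two traversal sequences overlap or when the name ends in `/..`. Since the Post.php call sites feed client-supplied names into this helper, including `$_FILES['files']['name'][$num]['upload']`, I would filter per path segment instead, as sketched below. A name that reduces to nothing then comes back as `''`, which the caller in Post.php already handles by falling back to the upload name or a generated one. The docblock's "probably secure" should state the actual guarantee: a relative path without empty, `.` or `..` segments.

```php
public static function sanitizeFilename($file)
{
    $file  = str_replace('\\', '/', trim($file));
    $parts = array();
    foreach (explode('/', $file) as $part) {
        // empty, '.' and '..' segments are dropped, so the result is
        // always a relative path without traversal components
        if ($part === '' || $part === '.' || $part === '..') {
            continue;
        }
        $parts[] = $part;
    }

    return implode('/', $parts);
}
```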