d0/d66/FilenameSanitizerImpl_8php_source.html

 <?php

 namespace ILIAS\Filesystem\Security\Sanitizing;

 use ilException;
 use ilFileUtils;

 final class FilenameSanitizerImpl implements FilenameSanitizer
 {

     private $whitelist;


     public function __construct()
     {
         $this->whitelist = ilFileUtils::getValidExtensions();

         // the secure file ending must be valid, therefore add it if it got removed from the white list.
         if (!in_array(FilenameSanitizer::CLEAN_FILE_SUFFIX, $this->whitelist, true)) {
             array_push($this->whitelist, FilenameSanitizer::CLEAN_FILE_SUFFIX);
         }
     }


     public function isClean($filename)
     {
         $this->validateFilename($filename);
         return in_array($this->extractFileSuffix($filename), $this->whitelist, true);
     }


     public function sanitize($filename)
     {
         $this->validateFilename($filename);
         if ($this->isClean($filename)) {
             return $filename;
         }

         $pathInfo = pathinfo($filename);
         $basename = $pathInfo['basename'];
         $parentPath = $pathInfo['dirname'];


         $filename = str_replace('.', '', $basename);
         $filename .= "." . FilenameSanitizer::CLEAN_FILE_SUFFIX;

         // there is no parent
         if ($parentPath === '') {
             return $filename;
         }

         return "$parentPath/$filename";
     }


     private function extractFileSuffix($filename)
     {
         return strtolower(pathinfo($filename, PATHINFO_EXTENSION));
     }


     private function validateFilename($filename)
     {
         if ($filename === null) {
             throw new ilException("Filename must not be null to get sanitized!");
         }
     }
 }
ilFileUtils

ilException

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\extractFileSuffix
extractFileSuffix($filename)
Extracts the suffix from the given filename.
Definition: FilenameSanitizerImpl.php:88

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl
Definition: FilenameSanitizerImpl.php:19

$filename
$filename
Definition: 33chartcreate-stock.php:138

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\validateFilename
validateFilename($filename)
Validates that the filename is valid for further sanitizing.
Definition: FilenameSanitizerImpl.php:101

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\$whitelist
$whitelist
Definition: FilenameSanitizerImpl.php:27

ILIAS\Filesystem\Security\Sanitizing
Definition: FilenameSanitizer.php:3

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer
Definition: FilenameSanitizer.php:20

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\__construct
__construct()
FilenameSanitizerImpl constructor.
Definition: FilenameSanitizerImpl.php:33

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer\CLEAN_FILE_SUFFIX
const CLEAN_FILE_SUFFIX
This file suffix will be used to sanitize not whitelisted file names.
Definition: FilenameSanitizer.php:26

ilFileUtils\getValidExtensions
static getValidExtensions()
Valid extensions.
Definition: class.ilFileUtils.php:546

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\isClean
isClean($filename)
Definition: FilenameSanitizerImpl.php:47

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\sanitize
sanitize($filename)
Definition: FilenameSanitizerImpl.php:57