d0/d66/FilenameSanitizerImpl_8php_source.html

<?php


namespace ILIAS\Filesystem\Security\Sanitizing;


use ilException;

use ilFileUtils;


final class FilenameSanitizerImpl implements FilenameSanitizer

{


    private $whitelist;


    public function __construct()

    {

        $this->whitelist = ilFileUtils::getValidExtensions();


        // the secure file ending must be valid, therefore add it if it got removed from the white list.

        if (!in_array(FilenameSanitizer::CLEAN_FILE_SUFFIX, $this->whitelist, true)) {

            array_push($this->whitelist, FilenameSanitizer::CLEAN_FILE_SUFFIX);

        }

    }


    public function isClean($filename)

    {

        $this->validateFilename($filename);

        return in_array($this->extractFileSuffix($filename), $this->whitelist, true);

    }


    public function sanitize($filename)

    {

        $this->validateFilename($filename);

        if ($this->isClean($filename)) {

            return $filename;

        }


        $pathInfo = pathinfo($filename);

        $basename = $pathInfo['basename'];

        $parentPath = $pathInfo['dirname'];


        $filename = str_replace('.', '', $basename);

        $filename .= "." . FilenameSanitizer::CLEAN_FILE_SUFFIX;


        // there is no parent

        if ($parentPath === '') {

            return $filename;

        }


        return "$parentPath/$filename";

    }


    private function extractFileSuffix($filename)

    {

        return strtolower(pathinfo($filename, PATHINFO_EXTENSION));

    }


    private function validateFilename($filename)

    {

        if ($filename === null) {

            throw new ilException("Filename must not be null to get sanitized!");

        }

    }

}

$filename
$filename
Definition: 33chartcreate-stock.php:138

php
An exception for terminatinating execution or to throw for unit testing.

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl
Definition: FilenameSanitizerImpl.php:20

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\__construct
__construct()
FilenameSanitizerImpl constructor.
Definition: FilenameSanitizerImpl.php:33

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\isClean
isClean($filename)
@inheritDoc
Definition: FilenameSanitizerImpl.php:47

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\$whitelist
$whitelist
Contains the whitelisted file suffixes.
Definition: FilenameSanitizerImpl.php:27

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\sanitize
sanitize($filename)
@inheritDoc
Definition: FilenameSanitizerImpl.php:57

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\extractFileSuffix
extractFileSuffix($filename)
Extracts the suffix from the given filename.
Definition: FilenameSanitizerImpl.php:88

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\validateFilename
validateFilename($filename)
Validates that the filename is valid for further sanitizing.
Definition: FilenameSanitizerImpl.php:101

ilException
Base class for ILIAS Exception handling.
Definition: class.ilException.php:35

ilFileUtils
Class ilFileUtils.
Definition: class.ilFileUtils.php:39

ilFileUtils\getValidExtensions
static getValidExtensions()
Valid extensions.
Definition: class.ilFileUtils.php:546

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer
Definition: FilenameSanitizer.php:21

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer\CLEAN_FILE_SUFFIX
const CLEAN_FILE_SUFFIX
This file suffix will be used to sanitize not whitelisted file names.
Definition: FilenameSanitizer.php:26

ILIAS\Filesystem\Security\Sanitizing
Definition: FilenameSanitizer.php:3