FilenameSanitizerImpl.php

Go to the documentation of this file.

<?php
declare(strict_types=1);

namespace ILIAS\Filesystem\Security\Sanitizing;

use ilFileUtils;

final class FilenameSanitizerImpl implements FilenameSanitizer
{

    private $whitelist;


    public function __construct()
    {
        $this->whitelist = ilFileUtils::getValidExtensions();

        // the secure file ending must be valid, therefore add it if it got removed from the white list.
        if (!in_array(FilenameSanitizer::CLEAN_FILE_SUFFIX, $this->whitelist, true)) {
            array_push($this->whitelist, FilenameSanitizer::CLEAN_FILE_SUFFIX);
        }
    }


    public function isClean(string $filename) : bool
    {
        return in_array($this->extractFileSuffix($filename), $this->whitelist, true);
    }


    public function sanitize(string $filename) : string
    {
        if ($this->isClean($filename)) {
            return $filename;
        }

        $pathInfo = pathinfo($filename);
        $basename = $pathInfo['basename'];
        $parentPath = $pathInfo['dirname'];


        $filename = str_replace('.', '', $basename);
        $filename .= "." . FilenameSanitizer::CLEAN_FILE_SUFFIX;

        // there is no parent
        if ($parentPath === '') {
            return $filename;
        }

        return "$parentPath/$filename";
    }


    private function extractFileSuffix($filename)
    {
        return strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    }
}