d0/d66/FilenameSanitizerImpl_8php_source.html

<?php

declare(strict_types=1);


namespace ILIAS\Filesystem\Security\Sanitizing;


use ilFileUtils;


final class FilenameSanitizerImpl implements FilenameSanitizer

{


    private $whitelist;


    public function __construct()

    {

        $this->whitelist = ilFileUtils::getValidExtensions();


        // the secure file ending must be valid, therefore add it if it got removed from the white list.

        if (!in_array(FilenameSanitizer::CLEAN_FILE_SUFFIX, $this->whitelist, true)) {

            array_push($this->whitelist, FilenameSanitizer::CLEAN_FILE_SUFFIX);

        }

    }


    public function isClean(string $filename) : bool

    {

        return in_array($this->extractFileSuffix($filename), $this->whitelist, true);

    }


    public function sanitize(string $filename) : string

    {

        if ($this->isClean($filename)) {

            return $filename;

        }


        $pathInfo = pathinfo($filename);

        $basename = $pathInfo['basename'];

        $parentPath = $pathInfo['dirname'];


        $filename = str_replace('.', '', $basename);

        $filename .= "." . FilenameSanitizer::CLEAN_FILE_SUFFIX;


        // there is no parent

        if ($parentPath === '') {

            return $filename;

        }


        return "$parentPath/$filename";

    }


    private function extractFileSuffix($filename)

    {

        return strtolower(pathinfo($filename, PATHINFO_EXTENSION));

    }

}

$filename
$filename
Definition: buildRTE.php:89

php
An exception for terminatinating execution or to throw for unit testing.

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl
Definition: FilenameSanitizerImpl.php:20

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\__construct
__construct()
FilenameSanitizerImpl constructor.
Definition: FilenameSanitizerImpl.php:33

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\$whitelist
$whitelist
Contains the whitelisted file suffixes.
Definition: FilenameSanitizerImpl.php:27

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\isClean
isClean(string $filename)
@inheritDoc
Definition: FilenameSanitizerImpl.php:47

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\extractFileSuffix
extractFileSuffix($filename)
Extracts the suffix from the given filename.
Definition: FilenameSanitizerImpl.php:86

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\sanitize
sanitize(string $filename)
@inheritDoc
Definition: FilenameSanitizerImpl.php:56

ilFileUtils
Class ilFileUtils.
Definition: class.ilFileUtils.php:39

ilFileUtils\getValidExtensions
static getValidExtensions()
Valid extensions.
Definition: class.ilFileUtils.php:546

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer
Definition: FilenameSanitizer.php:19

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer\CLEAN_FILE_SUFFIX
const CLEAN_FILE_SUFFIX
This file suffix will be used to sanitize not whitelisted file names.
Definition: FilenameSanitizer.php:24

ILIAS\Filesystem\Security\Sanitizing
Definition: FilenameSanitizer.php:3