ILIAS
release_6 Revision v6.24-5-g0c8bfefb3b8
◀ ilDoc Overview
Main Page
Related Pages
Modules
+
Namespaces
Namespace List
+
Namespace Members
+
All
$
_
a
b
c
d
e
f
g
h
i
j
l
m
p
s
t
w
+
Functions
_
a
b
c
f
g
h
i
s
t
w
+
Variables
$
c
d
e
f
g
h
j
l
m
p
s
t
+
Data Structures
Data Structures
Data Structure Index
Class Hierarchy
+
Data Fields
+
All
$
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
+
Functions
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
+
Variables
$
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
+
Files
File List
+
Globals
+
All
$
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
z
+
Functions
_
a
b
c
d
e
f
g
h
i
l
m
n
o
p
r
s
t
u
v
w
x
+
Variables
$
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
z
Examples
•
All
Data Structures
Namespaces
Files
Functions
Variables
Modules
Pages
InsecureFilenameSanitizerPreProcessor.php
Go to the documentation of this file.
1
<?php
2
19
namespace
ILIAS\FileUpload\Processor
;
20
28
final
class
InsecureFilenameSanitizerPreProcessor
extends
AbstractRecursiveZipPreProcessor
implements
PreProcessor
29
{
30
private
$prohibited_names
= [
31
'...'
32
];
33
34
protected
function
checkPath
(
string
$path) : bool
35
{
36
$path = str_replace(
'\\'
,
'/'
, $path);
37
$path = preg_replace(
'/\/+/'
,
'/'
, $path);
38
$path = trim($path,
'/'
);
39
$parts = explode(
'/'
, $path);
40
foreach
($parts as $part) {
41
if
(in_array($part, $this->prohibited_names)) {
42
return
false
;
43
}
44
}
45
return
true
;
46
}
47
48
protected
function
getRejectionMessage
() : string
49
{
50
return
'A Security Issue has been detected, File-upload aborted...'
;
51
}
52
53
protected
function
getOKMessage
() : string
54
{
55
return
'Extension is not blacklisted.'
;
56
}
57
}
ILIAS\FileUpload\Processor\PreProcessor
Class PreProcessor.
Definition:
PreProcessor.php:22
ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor
Class InsecureFilenameSanitizerPreProcessor.
Definition:
AbstractRecursiveZipPreProcessor.php:32
ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor
Class InsecureFilenameSanitizerPreProcessor.
Definition:
InsecureFilenameSanitizerPreProcessor.php:28
ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor\$prohibited_names
$prohibited_names
Definition:
InsecureFilenameSanitizerPreProcessor.php:30
ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor\checkPath
checkPath(string $path)
Definition:
InsecureFilenameSanitizerPreProcessor.php:34
ILIAS\FileUpload\Processor
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition:
AbstractRecursiveZipPreProcessor.php:19
ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor\getRejectionMessage
getRejectionMessage()
Definition:
InsecureFilenameSanitizerPreProcessor.php:48
ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor\getOKMessage
getOKMessage()
Definition:
InsecureFilenameSanitizerPreProcessor.php:53
src
FileUpload
Processor
InsecureFilenameSanitizerPreProcessor.php
Generated on Sat Apr 5 2025 20:01:37 for ILIAS by
1.8.13 (using
Doxyfile
)
1.8.13 (using Doxyfile)