FilenameSanitizerImpl.php

Go to the documentation of this file.

<?php
declare(strict_types=1);
 
namespace ILIAS\Filesystem\Security\Sanitizing;
 
use ilFileUtils;
use ILIAS\Filesystem\Util;
 
final class FilenameSanitizerImpl implements FilenameSanitizer
{
 
    private $whitelist;
 
    public function __construct()
    {
        $this->whitelist = ilFileUtils::getValidExtensions();
 
        // the secure file ending must be valid, therefore add it if it got removed from the white list.
        if (!in_array(FilenameSanitizer::CLEAN_FILE_SUFFIX, $this->whitelist, true)) {
            array_push($this->whitelist, FilenameSanitizer::CLEAN_FILE_SUFFIX);
        }
    }
 
    public function isClean(string $filename) : bool
    {
        $suffix = $this->extractFileSuffix($filename);
        if (preg_match('/^ph(p[3457]?|t|tml|ar)$/i', $suffix)) {
            return false;
        }
 
        return in_array($suffix, $this->whitelist, true);
    }
 
    public function sanitize(string $filename) : string
    {
        $filename = Util::sanitizeFileName($filename);
 
        if ($this->isClean($filename)) {
            return $filename;
        }
 
        $pathInfo = pathinfo($filename);
        $basename = $pathInfo['basename'];
        $parentPath = $pathInfo['dirname'];
 
        $filename = str_replace('.', '', $basename);
        $filename .= "." . FilenameSanitizer::CLEAN_FILE_SUFFIX;
 
        // there is no parent
        if ($parentPath === '') {
            return $filename;
        }
 
        return "$parentPath/$filename";
    }
 
    private function extractFileSuffix($filename)
    {
        return strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    }
}