ILIAS  release_7 Revision v7.30-3-g800a261c036
InsecureFilenameSanitizerPreProcessor.php
Go to the documentation of this file.
1<?php
2
19namespace ILIAS\FileUpload\Processor;
20
28final class InsecureFilenameSanitizerPreProcessor extends AbstractRecursiveZipPreProcessor implements PreProcessor
29{
30 private $prohibited_names = [
31 '...'
32 ];
33
34 protected function checkPath(string $path) : bool
35 {
36 $path = str_replace('\\', '/', $path);
37 $path = preg_replace('/\/+/', '/', $path);
38 $path = trim($path, '/');
39 $parts = explode('/', $path);
40 foreach ($parts as $part) {
41 if (in_array($part, $this->prohibited_names)) {
42 return false;
43 }
44 }
45 return true;
46 }
47
48 protected function getRejectionMessage() : string
49 {
50 return 'A Security Issue has been detected, File-upload aborted...';
51 }
52
53 protected function getOKMessage() : string
54 {
55 return 'Extension is not blacklisted.';
56 }
57}
php
An exception for terminatinating execution or to throw for unit testing.
ILIAS\FileUpload\Processor
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: AbstractRecursiveZipPreProcessor.php:19