d0/d66/FilenameSanitizerImpl_8php_source.html

 <?php

 declare(strict_types=1);

 namespace ILIAS\Filesystem\Security\Sanitizing;

 use ilFileUtils;
 use ILIAS\Filesystem\Util;

 class FilenameSanitizerImpl implements FilenameSanitizer
 {
     private array $whitelist;


     public function __construct(array $whitelist)
     {
         $this->whitelist = $whitelist;

         // the secure file ending must be valid, therefore add it if it got removed from the white list.
         if (!in_array(FilenameSanitizer::CLEAN_FILE_SUFFIX, $this->whitelist, true)) {
             $this->whitelist[] = FilenameSanitizer::CLEAN_FILE_SUFFIX;
         }
     }


     public function isClean(string $filename): bool
     {
         $suffix = $this->extractFileSuffix($filename);
         if (preg_match('/^ph(p[3457]?|t|tml|ar)$/i', $suffix)) {
             return false;
         }

         return in_array($suffix, $this->whitelist, true);
     }


     public function sanitize(string $filename): string
     {
         $filename = Util::sanitizeFileName($filename);

         if ($this->isClean($filename)) {
             return $filename;
         }

         $pathInfo = pathinfo($filename);
         $basename = $pathInfo['basename'];
         $parentPath = $pathInfo['dirname'] === '.' ? '' : $pathInfo['dirname'];


         $filename = str_replace('.', '', $basename);
         $filename .= "." . FilenameSanitizer::CLEAN_FILE_SUFFIX;

         // there is no parent
         if ($parentPath === '') {
             return $filename;
         }

         return "$parentPath/$filename";
     }


     private function extractFileSuffix(string $filename): string
     {
         return strtolower(pathinfo($filename, PATHINFO_EXTENSION));
     }
 }
ilFileUtils

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl
Definition: FilenameSanitizerImpl.php:37

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\__construct
__construct(array $whitelist)
FilenameSanitizerImpl constructor.
Definition: FilenameSanitizerImpl.php:50

ILIAS\Filesystem\Util\sanitizeFileName
static sanitizeFileName(string $filename)
Definition: Util.php:36

ILIAS\Filesystem\Security\Sanitizing
Definition: FilenameSanitizer.php:3

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\isClean
isClean(string $filename)
Checks if the filename is prefixed with a valid whitelisted ending.
Definition: FilenameSanitizerImpl.php:61

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer
Definition: FilenameSanitizer.php:31

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\$whitelist
array $whitelist
Definition: FilenameSanitizerImpl.php:44

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer\CLEAN_FILE_SUFFIX
const CLEAN_FILE_SUFFIX
This file suffix will be used to sanitize not whitelisted file names.
Definition: FilenameSanitizer.php:36

ILIAS\Filesystem\Util
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: LegacyPathHelper.php:21

$filename
$filename
Definition: buildRTE.php:78

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\sanitize
sanitize(string $filename)
Definition: FilenameSanitizerImpl.php:75

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\extractFileSuffix
extractFileSuffix(string $filename)
Extracts the suffix from the given filename.
Definition: FilenameSanitizerImpl.php:107