d0/d66/FilenameSanitizerImpl_8php_source.html

<?php


declare(strict_types=1);


namespace ILIAS\Filesystem\Security\Sanitizing;


use ilFileUtils;

use ILIAS\Filesystem\Util;


class FilenameSanitizerImpl implements FilenameSanitizer

{

    private array $whitelist;


    public function __construct(array $whitelist)

    {

        $this->whitelist = $whitelist;


        // the secure file ending must be valid, therefore add it if it got removed from the white list.

        if (!in_array(FilenameSanitizer::CLEAN_FILE_SUFFIX, $this->whitelist, true)) {

            $this->whitelist[] = FilenameSanitizer::CLEAN_FILE_SUFFIX;

        }

    }


    public function isClean(string $filename): bool

    {

        $suffix = $this->extractFileSuffix($filename);

        if (preg_match('/^ph(p[3457]?|t|tml|ar)$/i', $suffix)) {

            return false;

        }


        return in_array($suffix, $this->whitelist, true);

    }


    public function sanitize(string $filename): string

    {

        $filename = Util::sanitizeFileName($filename);


        if ($this->isClean($filename)) {

            return $filename;

        }


        $pathInfo = pathinfo($filename);

        $basename = $pathInfo['basename'];

        $parentPath = $pathInfo['dirname'] === '.' ? '' : $pathInfo['dirname'];


        $filename = str_replace('.', '', $basename);

        $filename .= "." . FilenameSanitizer::CLEAN_FILE_SUFFIX;


        // there is no parent

        if ($parentPath === '') {

            return $filename;

        }


        return "$parentPath/$filename";

    }


    private function extractFileSuffix(string $filename): string

    {

        return strtolower(pathinfo($filename, PATHINFO_EXTENSION));

    }

}

$filename
$filename
Definition: buildRTE.php:78

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl
Definition: FilenameSanitizerImpl.php:38

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\__construct
__construct(array $whitelist)
FilenameSanitizerImpl constructor.
Definition: FilenameSanitizerImpl.php:50

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\$whitelist
array $whitelist
Contains the whitelisted file suffixes.
Definition: FilenameSanitizerImpl.php:44

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\isClean
isClean(string $filename)
Checks if the filename is prefixed with a valid whitelisted ending.
Definition: FilenameSanitizerImpl.php:61

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\sanitize
sanitize(string $filename)
@inheritDoc
Definition: FilenameSanitizerImpl.php:75

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\extractFileSuffix
extractFileSuffix(string $filename)
Extracts the suffix from the given filename.
Definition: FilenameSanitizerImpl.php:107

ILIAS\Filesystem\Util\sanitizeFileName
static sanitizeFileName(string $filename)
Definition: Util.php:36

ilFileUtils
Class ilFileUtils.
Definition: class.ilFileUtils.php:33

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer
Definition: FilenameSanitizer.php:32

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer\CLEAN_FILE_SUFFIX
const CLEAN_FILE_SUFFIX
This file suffix will be used to sanitize not whitelisted file names.
Definition: FilenameSanitizer.php:36

ILIAS\Filesystem\Security\Sanitizing
Definition: FilenameSanitizer.php:3

ILIAS\Filesystem\Util
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: LegacyPathHelper.php:21