ILIAS
release_8 Revision v8.23
◀ ilDoc Overview
InsecureFilenameSanitizerPreProcessor.php
Go to the documentation of this file.
1
<?php
2
19
namespace
ILIAS\FileUpload\Processor
;
20
28
final
class
InsecureFilenameSanitizerPreProcessor
extends
AbstractRecursiveZipPreProcessor
implements
PreProcessor
29
{
30
private
array
$prohibited_names
= [
31
'...'
32
];
33
34
protected
function
checkPath
(
string
$path
): bool
35
{
36
$path = str_replace(
'\\'
,
'/'
, $path);
37
$path = preg_replace(
'/\/+/'
,
'/'
, $path);
38
$path = trim($path,
'/'
);
39
$parts
= explode(
'/'
, $path);
40
foreach
(
$parts
as $part) {
41
if
(in_array($part, $this->prohibited_names)) {
42
return
false
;
43
}
44
}
45
return
true
;
46
}
47
48
protected
function
getRejectionMessage
(): string
49
{
50
return
'A Security Issue has been detected, File-upload aborted...'
;
51
}
52
53
protected
function
getOKMessage
(): string
54
{
55
return
'Extension is not blacklisted.'
;
56
}
57
}
ILIAS\FileUpload\Processor\PreProcessor
Class PreProcessor.
Definition:
PreProcessor.php:35
ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor
Class InsecureFilenameSanitizerPreProcessor.
Definition:
AbstractRecursiveZipPreProcessor.php:32
ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor
Class InsecureFilenameSanitizerPreProcessor.
Definition:
InsecureFilenameSanitizerPreProcessor.php:28
$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition:
ltitoken.php:64
ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor\$prohibited_names
array $prohibited_names
Definition:
InsecureFilenameSanitizerPreProcessor.php:30
ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor\checkPath
checkPath(string $path)
Definition:
InsecureFilenameSanitizerPreProcessor.php:34
$path
$path
Definition:
ltiservices.php:32
ILIAS\FileUpload\Processor
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition:
AbstractRecursiveZipPreProcessor.php:19
ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor\getRejectionMessage
getRejectionMessage()
Definition:
InsecureFilenameSanitizerPreProcessor.php:48
ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor\getOKMessage
getOKMessage()
Definition:
InsecureFilenameSanitizerPreProcessor.php:53
src
FileUpload
Processor
InsecureFilenameSanitizerPreProcessor.php
Generated on Sun Aug 31 2025 22:02:44 for ILIAS by
1.8.13 (using
Doxyfile
)
1.8.13 (using Doxyfile) 1.8.13 (using Doxyfile)