ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
FilenameSanitizerImpl.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21namespace ILIAS\Filesystem\Security\Sanitizing;
22
23use ILIAS\Filesystem\Util;
24
31class FilenameSanitizerImpl implements FilenameSanitizer
32{
37 public function __construct(
41 private array $whitelist
42 ) {
43 // the secure file ending must be valid, therefore add it if it got removed from the white list.
44 if (!in_array(FilenameSanitizer::CLEAN_FILE_SUFFIX, $this->whitelist, true)) {
45 $this->whitelist[] = FilenameSanitizer::CLEAN_FILE_SUFFIX;
46 }
47 }
48
49
50 public function isClean(string $filename): bool
51 {
52 $suffix = $this->extractFileSuffix($filename);
53 if (preg_match('/^ph(p[3457]?|t|tml|ar)$/i', $suffix)) {
54 return false;
55 }
56
57 return in_array($suffix, $this->whitelist, true);
58 }
59
63 public function sanitize(string $filename): string
64 {
65 $filename = Util::sanitizeFileName($filename);
66
67 if ($this->isClean($filename)) {
68 return $filename;
69 }
70
71 $pathInfo = pathinfo($filename);
72 $basename = $pathInfo['basename'];
73 $parentPath = $pathInfo['dirname'] === '.' ? '' : $pathInfo['dirname'];
74
75 $filename = str_replace('.', '', $basename);
76 $filename .= "." . FilenameSanitizer::CLEAN_FILE_SUFFIX;
77
78 // there is no parent
79 if ($parentPath === '') {
80 return $filename;
81 }
82
83 return "$parentPath/$filename";
84 }
85
93 private function extractFileSuffix(string $filename): string
94 {
95 return strtolower(pathinfo($filename, PATHINFO_EXTENSION));
96 }
97}
$filename
$filename
Definition: buildRTE.php:78
ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl
Standard implementation of the filename sanitizing interface.
Definition: FilenameSanitizerImpl.php:32
ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\__construct
__construct(private array $whitelist)
FilenameSanitizerImpl constructor.
Definition: FilenameSanitizerImpl.php:37
ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\isClean
isClean(string $filename)
Checks if the filename is prefixed with a valid whitelisted ending.
Definition: FilenameSanitizerImpl.php:50
ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\extractFileSuffix
extractFileSuffix(string $filename)
Extracts the suffix from the given filename.
Definition: FilenameSanitizerImpl.php:93
ILIAS\Filesystem\Util\sanitizeFileName
static sanitizeFileName(string $filename)
Definition: Util.php:48
ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer
The filename sanitizer verifies and fixes file name endings.
Definition: FilenameSanitizer.php:30
ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer\CLEAN_FILE_SUFFIX
const CLEAN_FILE_SUFFIX
This file suffix will be used to sanitize not whitelisted file names.
Definition: FilenameSanitizer.php:34
ILIAS\Filesystem\Security\Sanitizing
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: FilenameSanitizer.php:19
ILIAS\Filesystem\Util
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...