ILIAS
trunk Revision v11.0_alpha-1713-gd8962da2f67
◀ ilDoc Overview
Main Page
Related Pages
Modules
+
Namespaces
Namespace List
+
Namespace Members
+
All
$
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
+
Functions
_
a
b
c
d
e
f
g
h
i
k
l
m
n
o
p
r
s
t
u
v
w
x
+
Variables
$
c
e
g
h
j
l
m
p
s
t
u
v
+
Enumerations
a
c
e
f
i
j
l
m
n
o
p
r
s
t
u
v
z
+
Enumerator
a
c
d
e
f
g
i
l
m
n
o
p
q
s
t
u
v
y
+
Data Structures
Data Structures
Data Structure Index
Class Hierarchy
+
Data Fields
+
All
$
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Ö
+
Functions
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
+
Variables
$
_
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
Ö
Enumerations
Enumerator
+
Files
File List
+
Globals
+
All
$
a
b
c
d
e
f
g
h
i
l
m
n
o
p
r
s
t
u
v
z
+
Functions
a
b
c
d
e
f
g
h
i
m
n
p
r
s
t
u
v
+
Variables
$
a
c
e
g
h
i
m
n
o
p
r
s
t
u
v
z
Enumerations
Enumerator
Examples
•
All
Data Structures
Namespaces
Files
Functions
Variables
Enumerations
Enumerator
Modules
Pages
InsecureFilenameSanitizerPreProcessor.php
Go to the documentation of this file.
1
<?php
2
19
namespace
ILIAS\FileUpload\Processor
;
20
28
final
class
InsecureFilenameSanitizerPreProcessor
extends
AbstractRecursiveZipPreProcessor
implements
PreProcessor
29
{
30
private
array
$prohibited_names
= [
31
'...'
32
];
33
34
protected
function
checkPath
(
string
$path
): bool
35
{
36
$path = str_replace(
'\\'
,
'/'
, $path);
37
$path = preg_replace(
'/\/+/'
,
'/'
, $path);
38
$path = trim((
string
) $path,
'/'
);
39
$parts
= explode(
'/'
, $path);
40
foreach
(
$parts
as $part) {
41
if
(in_array($part, $this->prohibited_names)) {
42
return
false
;
43
}
44
}
45
return
true
;
46
}
47
48
protected
function
getRejectionMessage
(): string
49
{
50
return
'A Security Issue has been detected, File-upload aborted...'
;
51
}
52
53
protected
function
getOKMessage
(): string
54
{
55
return
'Extension is not blacklisted.'
;
56
}
57
}
ILIAS\MetaData\Repository\Validation\Processor\PreProcessor
Class PreProcessor.
Definition:
PreProcessor.php:37
ILIAS\MetaData\Repository\Validation\Processor\AbstractRecursiveZipPreProcessor
Class InsecureFilenameSanitizerPreProcessor.
Definition:
AbstractRecursiveZipPreProcessor.php:32
ILIAS\MetaData\Repository\Validation\Processor\InsecureFilenameSanitizerPreProcessor\getOKMessage
getOKMessage()
Definition:
InsecureFilenameSanitizerPreProcessor.php:53
ILIAS\MetaData\Repository\Validation\Processor\InsecureFilenameSanitizerPreProcessor
Class InsecureFilenameSanitizerPreProcessor.
Definition:
InsecureFilenameSanitizerPreProcessor.php:28
$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition:
ltitoken.php:61
ILIAS\MetaData\Repository\Validation\Processor\InsecureFilenameSanitizerPreProcessor\checkPath
checkPath(string $path)
Definition:
InsecureFilenameSanitizerPreProcessor.php:34
ILIAS\MetaData\Repository\Validation\Processor\InsecureFilenameSanitizerPreProcessor\$prohibited_names
array $prohibited_names
Definition:
InsecureFilenameSanitizerPreProcessor.php:30
$path
$path
Definition:
ltiservices.php:29
ILIAS\FileUpload\Processor
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition:
AbstractRecursiveZipPreProcessor.php:19
ILIAS\MetaData\Repository\Validation\Processor\InsecureFilenameSanitizerPreProcessor\getRejectionMessage
getRejectionMessage()
Definition:
InsecureFilenameSanitizerPreProcessor.php:48
components
ILIAS
FileUpload
src
Processor
InsecureFilenameSanitizerPreProcessor.php
Generated on Fri Apr 4 2025 23:03:11 for ILIAS by
1.8.13 (using
Doxyfile
)
1.8.13 (using Doxyfile)
