ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl Class Reference

Standard implementation of the filename sanitizing interface. More...

Inheritance diagram for ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl:

Collaboration diagram for ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl:

Public Member Functions
	__construct (private array $whitelist)
	FilenameSanitizerImpl constructor. More...
	isClean (string $filename)
	Checks if the filename is prefixed with a valid whitelisted ending. More...
	sanitize (string $filename)

Private Member Functions
	extractFileSuffix (string $filename)
	Extracts the suffix from the given filename. More...

Additional Inherited Members
Data Fields inherited from ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer
const	CLEAN_FILE_SUFFIX = 'sec'
	This file suffix will be used to sanitize not whitelisted file names. More...

Detailed Description

Standard implementation of the filename sanitizing interface.

Author

Nicolas Schäfli ns@st.nosp@m.uder.nosp@m.-raim.nosp@m.ann..nosp@m.ch

Fabian Schmid fabia.nosp@m.n@sr.nosp@m..solu.nosp@m.tion.nosp@m.s

Definition at line 31 of file FilenameSanitizerImpl.php.

Constructor & Destructor Documentation

__construct()

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl::__construct

(

private array

$whitelist

)

FilenameSanitizerImpl constructor.

Parameters

string[]

$whitelist

Parameters

$whitelist

Contains the whitelisted file suffixes.

Definition at line 37 of file FilenameSanitizerImpl.php.

References ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer\CLEAN_FILE_SUFFIX.

      {
        // the secure file ending must be valid, therefore add it if it got removed from the white list.
        if (!in_array(FilenameSanitizer::CLEAN_FILE_SUFFIX, $this->whitelist, true)) {
            $this->whitelist[] = FilenameSanitizer::CLEAN_FILE_SUFFIX;
        }
    }

Member Function Documentation

extractFileSuffix()

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl::extractFileSuffix ( string  $filename )

private

Extracts the suffix from the given filename.

If no suffix was found an empty string will be returned.

Parameters

string

$filename

The filename which should be used to extract the file suffix.

Returns

string The file name suffix in lowercase.

Definition at line 93 of file FilenameSanitizerImpl.php.

Referenced by ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\isClean().

                                                        : string
    {
        return strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    }

Here is the caller graph for this function:

isClean()

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl::isClean

(

string

$filename

)

Checks if the filename is prefixed with a valid whitelisted ending.

Parameters

string

$filename

The filename which should be checked for a whitelisted ending.

Returns

bool True if the filename ending is whitelisted otherwise false.

Implements ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer.

Definition at line 50 of file FilenameSanitizerImpl.php.

References ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\extractFileSuffix().

Referenced by ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\sanitize().

                                             : bool
    {
        $suffix = $this->extractFileSuffix($filename);
        if (preg_match('/^ph(p[3457]?|t|tml|ar)$/i', $suffix)) {
            return false;
        }

        return in_array($suffix, $this->whitelist, true);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

sanitize()

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl::sanitize

(

string

$filename

)

Implements ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer.

Definition at line 63 of file FilenameSanitizerImpl.php.

References $filename, ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer\CLEAN_FILE_SUFFIX, ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\isClean(), and ILIAS\Filesystem\Util\sanitizeFileName().

Referenced by ilFileUtils\getValidFilename().

                                              : string
    {
        $filename = Util::sanitizeFileName($filename);

        if ($this->isClean($filename)) {
            return $filename;
        }

        $pathInfo = pathinfo($filename);
        $basename = $pathInfo['basename'];
        $parentPath = $pathInfo['dirname'] === '.' ? '' : $pathInfo['dirname'];

        $filename = str_replace('.', '', $basename);
        $filename .= "." . FilenameSanitizer::CLEAN_FILE_SUFFIX;

        // there is no parent
        if ($parentPath === '') {
            return $filename;
        }

        return "$parentPath/$filename";
    }

Here is the call graph for this function:

Here is the caller graph for this function:

---

The documentation for this class was generated from the following file:

• components/ILIAS/Filesystem/src/Security/Sanitizing/FilenameSanitizerImpl.php