Standard implementation of the filename sanitizing interface. More...

Inheritance diagram for ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl:

Collaboration diagram for ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl:

Public Member Functions
	__construct (private array $whitelist)
	FilenameSanitizerImpl constructor. More...

	isClean (string $filename)
	Checks if the filename is prefixed with a valid whitelisted ending. More...

	sanitize (string $filename)
	@inheritDoc More...

	isClean (string $filename)
	Checks if the filename is prefixed with a valid whitelisted ending. More...

	sanitize (string $filename)
	Validates the file ending, with the filesystem whitelist provided by ILIAS. More...

Private Member Functions
	extractFileSuffix (string $filename)
	Extracts the suffix from the given filename. More...

Additional Inherited Members
Data Fields inherited from ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer
const	CLEAN_FILE_SUFFIX = 'sec'
	This file suffix will be used to sanitize not whitelisted file names. More...

Detailed Description

Standard implementation of the filename sanitizing interface.

Author: Nicolas Schäfli ns@st.nosp@m.uder.nosp@m.-raim.nosp@m.ann..nosp@m.ch; Fabian Schmid fabia.nosp@m.n@sr.nosp@m..solu.nosp@m.tion.nosp@m.s

Definition at line 31 of file FilenameSanitizerImpl.php.

Constructor & Destructor Documentation

◆ __construct()

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl::__construct ( private array $whitelist )

FilenameSanitizerImpl constructor.

Parameters

string[] $whitelist

Parameters

$whitelist Contains the whitelisted file suffixes.

Definition at line 37 of file FilenameSanitizerImpl.php.

      {
        // the secure file ending must be valid, therefore add it if it got removed from the white list.
        if (!in_array(FilenameSanitizer::CLEAN_FILE_SUFFIX, $this->whitelist, true)) {
            $this->whitelist[] = FilenameSanitizer::CLEAN_FILE_SUFFIX;
        }
    }

References ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer\CLEAN_FILE_SUFFIX.

Member Function Documentation

◆ extractFileSuffix()

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl::extractFileSuffix ( string $filename )

private

Extracts the suffix from the given filename.

If no suffix was found an empty string will be returned.

Parameters

string $filename The filename which should be used to extract the file suffix.

Returns: string The file name suffix in lowercase.

Definition at line 93 of file FilenameSanitizerImpl.php.

                                                        : string
    {
        return strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    }

References $filename.

Referenced by ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\isClean().

Here is the caller graph for this function:

◆ isClean()

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl::isClean ( string $filename )

Checks if the filename is prefixed with a valid whitelisted ending.

Parameters

string $filename The filename which should be checked for a whitelisted ending.

Returns: bool True if the filename ending is whitelisted otherwise false.

Implements ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer.

Definition at line 50 of file FilenameSanitizerImpl.php.

                                             : bool
    {
        $suffix = $this->extractFileSuffix($filename);
        if (preg_match('/^ph(p[3457]?|t|tml|ar)$/i', $suffix)) {
            return false;
        }
 
        return in_array($suffix, $this->whitelist, true);
    }

References ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\extractFileSuffix().

Referenced by ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\sanitize().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ sanitize()

ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl::sanitize ( string $filename )

@inheritDoc

Implements ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer.

Definition at line 63 of file FilenameSanitizerImpl.php.

                                              : string
    {
        $filename = Util::sanitizeFileName($filename);
 
        if ($this->isClean($filename)) {
            return $filename;
        }
 
        $pathInfo = pathinfo($filename);
        $basename = $pathInfo['basename'];
        $parentPath = $pathInfo['dirname'] === '.' ? '' : $pathInfo['dirname'];
 
        $filename = str_replace('.', '', $basename);
        $filename .= "." . FilenameSanitizer::CLEAN_FILE_SUFFIX;
 
        // there is no parent
        if ($parentPath === '') {
            return $filename;
        }
 
        return "$parentPath/$filename";
    }

References $filename, ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizer\CLEAN_FILE_SUFFIX, ILIAS\Filesystem\Security\Sanitizing\FilenameSanitizerImpl\isClean(), and ILIAS\Filesystem\Util\sanitizeFileName().

Here is the call graph for this function:

The documentation for this class was generated from the following file:

components/ILIAS/Filesystem/src/Security/Sanitizing/FilenameSanitizerImpl.php

Public Member Functions

Private Member Functions

Additional Inherited Members

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ extractFileSuffix()

◆ isClean()

◆ sanitize()