Class InsecureFilenameSanitizerPreProcessor. More...

Inheritance diagram for ILIAS\MetaData\Repository\Validation\Processor\InsecureFilenameSanitizerPreProcessor:

Collaboration diagram for ILIAS\MetaData\Repository\Validation\Processor\InsecureFilenameSanitizerPreProcessor:

Protected Member Functions
	checkPath (string $path)

	getRejectionMessage ()

	getOKMessage ()

Protected Member Functions inherited from ILIAS\MetaData\Repository\Validation\Processor\AbstractRecursiveZipPreProcessor
	checkPath (string $path)

	getRejectionMessage ()

	getOKMessage ()

Private Attributes
array	$prohibited_names

Additional Inherited Members
Public Member Functions inherited from ILIAS\MetaData\Repository\Validation\Processor\AbstractRecursiveZipPreProcessor
	process (FileStream $stream, Metadata $metadata)
	This method gets invoked by the file upload service to process the file with the help of the processor. More...

Detailed Description

Class InsecureFilenameSanitizerPreProcessor.

PreProcessor which checks for file with potentially dangerous names

Author: Fabian Schmid fabia.nosp@m.n@sr.nosp@m..solu.nosp@m.tion.nosp@m.s

Definition at line 28 of file InsecureFilenameSanitizerPreProcessor.php.

Member Function Documentation

◆ checkPath()

ILIAS\MetaData\Repository\Validation\Processor\InsecureFilenameSanitizerPreProcessor::checkPath ( string $path )

protected

Definition at line 34 of file InsecureFilenameSanitizerPreProcessor.php.

References $parts.

                                               : bool
     {
         $path = str_replace('\\', '/', $path);
         $path = preg_replace('/\/+/', '/', $path);
         $path = trim((string) $path, '/');
         $parts = explode('/', $path);
         foreach ($parts as $part) {
             if (in_array($part, $this->prohibited_names)) {
                 return false;
             }
         }
         return true;
     }

◆ getOKMessage()

ILIAS\MetaData\Repository\Validation\Processor\InsecureFilenameSanitizerPreProcessor::getOKMessage ( )

protected

Definition at line 53 of file InsecureFilenameSanitizerPreProcessor.php.

                                      : string
     {
         return 'Extension is not blacklisted.';
     }

◆ getRejectionMessage()

ILIAS\MetaData\Repository\Validation\Processor\InsecureFilenameSanitizerPreProcessor::getRejectionMessage ( )

protected

Definition at line 48 of file InsecureFilenameSanitizerPreProcessor.php.

                                             : string
     {
         return 'A Security Issue has been detected, File-upload aborted...';
     }

Field Documentation

◆ $prohibited_names

array ILIAS\MetaData\Repository\Validation\Processor\InsecureFilenameSanitizerPreProcessor::$prohibited_names

private

Initial value:

= [
        '...'
    ]

Definition at line 30 of file InsecureFilenameSanitizerPreProcessor.php.

The documentation for this class was generated from the following file:

components/ILIAS/FileUpload/src/Processor/InsecureFilenameSanitizerPreProcessor.php

Protected Member Functions

Private Attributes

Additional Inherited Members

Detailed Description

Member Function Documentation

◆ checkPath()

◆ getOKMessage()

◆ getRejectionMessage()

Field Documentation

◆ $prohibited_names