ILIAS  trunk Revision v12.0_alpha-377-g3641b37b9db
Protected Member Functions | Private Attributes
ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor Class Reference

Class InsecureFilenameSanitizerPreProcessor. More...

+ Inheritance diagram for ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor:
+ Collaboration diagram for ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor:

Protected Member Functions

 checkPath (string $path)
 
 getRejectionMessage ()
 
 getOKMessage ()
 
 checkPath (string $path)
 
 getRejectionMessage ()
 
 getOKMessage ()
 

Private Attributes

array $prohibited_names
 

Additional Inherited Members

- Public Member Functions inherited from ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor
 process (FileStream $stream, Metadata $metadata)
 This method gets invoked by the file upload service to process the file with the help of the processor. More...
 
 process (FileStream $stream, Metadata $metadata)
 This method gets invoked by the file upload service to process the file with the help of the processor. More...
 

Detailed Description

Class InsecureFilenameSanitizerPreProcessor.

PreProcessor which checks for file with potentially dangerous names

Author
Fabian Schmid fabia.nosp@m.n@sr.nosp@m..solu.nosp@m.tion.nosp@m.s

Definition at line 28 of file InsecureFilenameSanitizerPreProcessor.php.

Member Function Documentation

◆ checkPath()

ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor::checkPath ( string  $path)
protected
Parameters
string$pathto a file
Returns
bool false leads to rejection, true to accept

Reimplemented from ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor.

Definition at line 34 of file InsecureFilenameSanitizerPreProcessor.php.

34 : bool
35 {
36 $path = str_replace('\\', '/', $path);
37 $path = preg_replace('/\/+/', '/', $path);
38 $path = trim((string) $path, '/');
39 $parts = explode('/', $path);
40 foreach ($parts as $part) {
41 if (in_array($part, $this->prohibited_names)) {
42 return false;
43 }
44 }
45 return true;
46 }
$path
$path
Definition: ltiservices.php:30
$parts
if($clientAssertionType !='urn:ietf:params:oauth:client-assertion-type:jwt-bearer'|| $grantType !='client_credentials') $parts
Definition: ltitoken.php:61

References $parts, and $path.

◆ getOKMessage()

ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor::getOKMessage ( )
protected

Reimplemented from ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor.

Definition at line 53 of file InsecureFilenameSanitizerPreProcessor.php.

53 : string
54 {
55 return 'Extension is not blacklisted.';
56 }

◆ getRejectionMessage()

ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor::getRejectionMessage ( )
protected

Reimplemented from ILIAS\FileUpload\Processor\AbstractRecursiveZipPreProcessor.

Definition at line 48 of file InsecureFilenameSanitizerPreProcessor.php.

48 : string
49 {
50 return 'A Security Issue has been detected, File-upload aborted...';
51 }

Field Documentation

◆ $prohibited_names

array ILIAS\FileUpload\Processor\InsecureFilenameSanitizerPreProcessor::$prohibited_names
private
Initial value:
= [
'...'
]

Definition at line 30 of file InsecureFilenameSanitizerPreProcessor.php.

The documentation for this class was generated from the following file: