file_munge_filename
includes/file.inc, строка 354
- Версии
- 6
file_munge_filename($filename, $extensions, $alerts = TRUE)
Munge the filename as needed for security purposes. For instance the file
name 'exploit.php.pps'
would become 'exploit.php_.pps'
.
Параметры
$filename
The name of a file to modify.
$extensions
A space separated list of extensions that should not
be altered.
$alerts
Whether alerts (watchdog, drupal_set_message()) should be
displayed.
Возвращаемое значение
$filename
The potentially modified $filename
.
Связанные темы
Код
<?php
function file_munge_filename($filename, $extensions, $alerts = TRUE) {
$original = $filename;
// Allow potentially insecure uploads for very savvy users and admin
if (!variable_get('allow_insecure_uploads', 0)) {
$whitelist = array_unique(explode(' ', trim($extensions)));
// Split the filename up by periods. The first part becomes the basename
// the last part the final extension.
$filename_parts = explode('.', $filename);
$new_filename = array_shift($filename_parts); // Remove file basename.
$final_extension = array_pop($filename_parts); // Remove final extension.
// Loop through the middle parts of the name and add an underscore to the
// end of each section that could be a file extension but isn't in the list
// of allowed extensions.
foreach ($filename_parts as $filename_part) {
$new_filename .= '.'. $filename_part;
if (!in_array($filename_part, $whitelist) && preg_match("/^[a-zA-Z]{2,5}\d?$/", $filename_part)) {
$new_filename .= '_';
}
}
$filename = $new_filename .'.'. $final_extension;
if ($alerts && $original != $filename) {
drupal_set_message(t('For security reasons, your upload has been renamed to %filename.', array('%filename' => $filename)));
}
}
return $filename;
}
?>
Войдите или зарегистрируйтесь, чтобы получить возможность отправлять комментарии