<?php
/**
* Form-based File Uploading Library
*
* @author Zhou Yuan <yuanzhou19@gmail.com>
* @link http://www.infopotato.com/
* @copyright Copyright © 2009-2011 Zhou Yuan
* @license http://www.opensource.org/licenses/mit-license.php MIT Licence
*/
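class Upload_Library {

    /**
     * The maximum size (in kilobytes) that the file can be. Set to zero for no limit.
     * Note: Most PHP installations have their own limit, as specified in the php.ini file.
     * Usually 2 MB (or 2048 KB) by default.
     *
     * @var integer
     */
    protected $max_size = 0;

    /**
     * The maximum width (in pixels) that the file can be. Set to zero for no limit.
     *
     * @var integer
     */
    protected $max_width = 0;

    /**
     * The maximum height (in pixels) that the file can be. Set to zero for no limit.
     *
     * @var integer
     */
    protected $max_height = 0;

    /**
     * The maximum length that a file name can be. Set to zero for no limit.
     *
     * @var integer
     */
    protected $max_filename = 0;

    /**
     * The file extensions (lower case, without the leading dot) that may be uploaded,
     * e.g. array('pdf', 'doc', 'docx'). Each extension is also used as the key into
     * the MIME table in _mimes_types(). The string '*' disables the check entirely.
     *
     * @var array|string
     */
    protected $allowed_types = array();

    /**
     * Path of the temporary file PHP created for the upload ($_FILES[...]['tmp_name']).
     *
     * @var string
     */
    protected $file_temp = '';

    /**
     * If set InfoPotato will rename the uploaded file to this name.
     * The extension provided in the file name must also be an allowed file type.
     *
     * @var string
     */
    protected $file_name = '';

    /** @var string File name after sanitizing, before a collision suffix is added */
    protected $orig_name = '';

    /** @var string MIME type as declared by the client (not verified server-side) */
    protected $file_type = '';

    /** @var mixed Size reported by PHP; converted to kilobytes during run() */
    protected $file_size = '';

    /** @var string Extension including the leading dot, e.g. '.pdf' */
    protected $file_ext = '';

    /**
     * The path to the folder where the upload should be placed.
     * The folder must be writable and the path can be absolute or relative.
     * Make sure it has a trailing slash
     *
     * @var string
     */
    protected $upload_path = '';

    /**
     * If set to true, if a file with the same name as the one you are uploading exists,
     * it will be overwritten. If set to false, a number will be appended to the filename
     * if another with the same name exists.
     *
     * @var boolean
     */
    protected $overwrite = FALSE;

    /**
     * If set to TRUE the file is stored under a random 32-character hexadecimal name
     * (nothing is encrypted, despite the option name). This can be useful if you would
     * like the file saved with a name that can not be discerned by the person uploading it.
     * The random name is generated in set_filename(), which run() only calls when
     * $overwrite is FALSE.
     *
     * @var boolean
     */
    protected $encrypt_name = FALSE;

    protected $image_width = '';
    protected $image_height = '';
    protected $image_type = '';
    protected $image_size_str = '';

    /**
     * If set to TRUE, any spaces in the file name will be converted to underscores. This is recommended.
     *
     * @var boolean
     */
    protected $remove_spaces = TRUE;

    /**
     * If a file_name was provided in the config, use it instead of the user input
     * supplied file name for all uploads until initialized again
     *
     * @var string
     */
    protected $file_name_override = '';

    /**
     * All the pre defined error messages
     *
     * @var array
     */
    private $_error_messages = array();

    /**
     * The errors captured to display
     *
     * @var array
     */
    private $_error_msg_to_display = array();

    /**
     * Constructor
     *
     * Copies the recognised keys of $config onto the matching properties and
     * loads the predefined error messages.
     *
     * @param array|NULL $config Optional settings keyed by property name
     */
    public function __construct(array $config = NULL) {
        // empty() instead of count(): count(NULL) raises a TypeError on PHP 8,
        // which made "new Upload_Library()" unusable there.
        if ( ! empty($config)) {
            $configurable = array(
                'max_size', 'max_width', 'max_height', 'max_filename',
                'allowed_types', 'file_temp', 'file_name', 'orig_name',
                'file_type', 'file_size', 'file_ext', 'upload_path',
                'overwrite', 'encrypt_name',
                'image_width', 'image_height', 'image_type', 'image_size_str',
                'remove_spaces',
            );

            // Only the keys listed above are accepted; anything else in $config is ignored
            foreach ($configurable as $key) {
                if (isset($config[$key])) {
                    $this->$key = $config[$key];
                }
            }

            // If a file_name was provided in the config, use it instead of the user input
            // supplied file name for all uploads until initialized again
            $this->file_name_override = $this->file_name;
        }

        $this->_error_messages = array(
            'upload_userfile_not_set' => 'Unable to find a post variable called userfile.',
            'upload_file_exceeds_limit' => 'The uploaded file exceeds the maximum allowed size in your PHP configuration file.',
            'upload_file_exceeds_form_limit' => 'The uploaded file exceeds the maximum size allowed by the submission form.',
            'upload_file_partial' => 'The file was only partially uploaded.',
            'upload_no_temp_directory' => 'The temporary folder is missing.',
            'upload_unable_to_write_file' => 'The file could not be written to disk.',
            'upload_stopped_by_extension' => 'The file upload was stopped by extension.',
            'upload_no_file_selected' => 'You did not select a file to upload.',
            'upload_invalid_filetype' => 'The filetype you are attempting to upload is not allowed.',
            'upload_invalid_filesize' => 'The file you are attempting to upload is larger than the permitted size.',
            'upload_invalid_dimensions' => 'The image you are attempting to upload exceedes the maximum height or width.',
            'upload_destination_error' => 'A problem was encountered while attempting to move the uploaded file to the final destination.',
            'upload_no_filepath' => 'The upload path does not appear to be valid.',
            'upload_no_file_types' => 'You have not specified any allowed file types.',
            'upload_bad_filename' => 'The file name you submitted already exists on the server.',
            'upload_not_writable' => 'The upload destination folder does not appear to be writable.',
        );
    }

    /**
     * Perform the file upload
     *
     * By default the upload routine expects the file to come from a form field called 'userfile',
     * and the form must be a multipart type.
     *
     * The file name and MIME type in $_FILES are supplied by the client. They are
     * checked against $allowed_types and the MIME table, but nothing here inspects
     * the content of non-image files, so the destination folder should not be one
     * where the web server executes scripts.
     *
     * @param string $field Name of the form field holding the file
     * @return bool TRUE when the file was stored, FALSE otherwise (see display_errors())
     */
    public function run($field = 'userfile') {
        // Is $_FILES[$field] set? If not, no reason to continue.
        // A field posted as "name[]" makes every entry an array; this class handles
        // a single file per call, so that shape is rejected instead of being passed on.
        if ( ! isset($_FILES[$field]['tmp_name']) || is_array($_FILES[$field]['tmp_name'])) {
            $this->_set_error('upload_no_file_selected');
            return FALSE;
        }

        // Is the upload path valid?
        if ( ! $this->validate_upload_path()) {
            // errors will already be set by validate_upload_path() so just return FALSE
            return FALSE;
        }

        // Was the file able to be uploaded? If not, determine the reason why.
        if ( ! is_uploaded_file($_FILES[$field]['tmp_name'])) {
            $error = isset($_FILES[$field]['error']) ? $_FILES[$field]['error'] : UPLOAD_ERR_NO_FILE;

            $reasons = array(
                UPLOAD_ERR_INI_SIZE   => 'upload_file_exceeds_limit',
                UPLOAD_ERR_FORM_SIZE  => 'upload_file_exceeds_form_limit',
                UPLOAD_ERR_PARTIAL    => 'upload_file_partial',
                UPLOAD_ERR_NO_FILE    => 'upload_no_file_selected',
                UPLOAD_ERR_NO_TMP_DIR => 'upload_no_temp_directory',
                UPLOAD_ERR_CANT_WRITE => 'upload_unable_to_write_file',
                UPLOAD_ERR_EXTENSION  => 'upload_stopped_by_extension',
            );

            $known = (is_int($error) || is_string($error)) && isset($reasons[$error]);
            $this->_set_error($known ? $reasons[$error] : 'upload_no_file_selected');

            return FALSE;
        }

        // Set the uploaded data as class variables
        $this->file_temp = $_FILES[$field]['tmp_name'];
        $this->file_size = $_FILES[$field]['size'];
        // Drop any "; charset=..." parameter, then normalise quoting and case
        $this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
        $this->file_type = strtolower(trim(stripslashes($this->file_type), '"'));
        $this->file_name = $this->_prep_filename($_FILES[$field]['name']);
        $this->file_ext = $this->get_extension($this->file_name);

        // Is the file type allowed to be uploaded?
        if ( ! $this->is_allowed_filetype()) {
            $this->_set_error('upload_invalid_filetype');
            return FALSE;
        }

        // if we're overriding, let's now make sure the new name and type is allowed
        if ($this->file_name_override != '') {
            $this->file_name = $this->_prep_filename($this->file_name_override);

            // If no extension was provided in the file_name config item, use the uploaded one
            if (strpos($this->file_name_override, '.') === FALSE) {
                $this->file_name .= $this->file_ext;
            } else {
                // An extension was provided, lets have it!
                $this->file_ext = $this->get_extension($this->file_name_override);
            }

            if ( ! $this->is_allowed_filetype(TRUE)) {
                $this->_set_error('upload_invalid_filetype');
                return FALSE;
            }
        }

        // Convert the file size to kilobytes
        if ($this->file_size > 0) {
            $this->file_size = round($this->file_size / 1024, 2);
        }

        // Is the file size within the allowed maximum?
        if ( ! $this->is_allowed_filesize()) {
            $this->_set_error('upload_invalid_filesize');
            return FALSE;
        }

        // Are the image dimensions within the allowed size?
        // Note: This can fail if the server has an open_basedir restriction.
        if ( ! $this->is_allowed_dimensions()) {
            $this->_set_error('upload_invalid_dimensions');
            return FALSE;
        }

        // Sanitize the file name for security
        $this->file_name = $this->clean_file_name($this->file_name);

        // Truncate the file name if it's too long
        if ($this->max_filename > 0) {
            $this->file_name = $this->limit_filename_length($this->file_name, $this->max_filename);
        }

        // Remove white spaces in the name
        if ($this->remove_spaces == TRUE) {
            $this->file_name = preg_replace("/\s+/", "_", $this->file_name);
        }

        /*
         * Validate the file name
         * set_filename() appends a number onto the end of
         * the file if one with the same name already exists.
         * If it returns false there was a problem.
         */
        $this->orig_name = $this->file_name;

        if ($this->overwrite == FALSE) {
            $this->file_name = $this->set_filename($this->upload_path, $this->file_name);

            if ($this->file_name === FALSE) {
                return FALSE;
            }
        }

        /*
         * Move the file to the final destination
         * To deal with different server configurations
         * we'll attempt to use copy() first. If that fails
         * we'll use move_uploaded_file(). One of the two should
         * reliably work in most environments.
         * The source was confirmed with is_uploaded_file() above, so copy()
         * is not reading an arbitrary path here.
         */
        $destination = $this->upload_path.$this->file_name;

        if ( ! @copy($this->file_temp, $destination) && ! @move_uploaded_file($this->file_temp, $destination)) {
            $this->_set_error('upload_destination_error');
            return FALSE;
        }

        /*
         * Set the finalized image dimensions
         * This sets the image width/height (assuming the
         * file was an image). We use this information
         * in the "data" function.
         */
        $this->set_image_properties($destination);

        return TRUE;
    }

    /**
     * Finalized Data Array
     *
     * Returns an associative array containing all of the information
     * related to the upload, allowing the developer easy access in one array.
     *
     * @return array
     */
    public function data() {
        return array(
            'file_name' => $this->file_name,
            'file_type' => $this->file_type,
            'file_path' => $this->upload_path,
            'full_path' => $this->upload_path.$this->file_name,
            // Only the trailing extension is removed; a blanket str_replace() also
            // deleted the same text from the middle of the name.
            'raw_name' => $this->_strip_extension($this->file_name),
            'orig_name' => $this->orig_name,
            'file_ext' => $this->file_ext,
            'file_size' => $this->file_size,
            'is_image' => $this->is_image(),
            'image_width' => $this->image_width,
            'image_height' => $this->image_height,
            'image_type' => $this->image_type,
            'image_size_str' => $this->image_size_str,
        );
    }

    /**
     * Set the file name
     *
     * This function takes a filename/path as input and looks for the
     * existence of a file with the same name. If found, it will append a
     * number (1-99) to the end of the filename to avoid overwriting a pre-existing file.
     *
     * The existence check and the later write in run() are separate steps, so two
     * simultaneous uploads of the same name can still pick the same target.
     *
     * @param string $path Destination folder, with trailing slash
     * @param string $filename Candidate file name
     * @return string|bool The name to use, or FALSE when all numbered variants are taken
     */
    public function set_filename($path, $filename) {
        if ($this->encrypt_name == TRUE) {
            $filename = $this->_random_basename().$this->file_ext;
        }

        if ( ! file_exists($path.$filename)) {
            return $filename;
        }

        // Strip the trailing extension only, so "a.txt.txt" becomes "a.txt" rather than "a"
        $stem = $this->_strip_extension($filename);

        for ($i = 1; $i < 100; $i++) {
            $candidate = $stem.$i.$this->file_ext;

            if ( ! file_exists($path.$candidate)) {
                return $candidate;
            }
        }

        $this->_set_error('upload_bad_filename');
        return FALSE;
    }

    /**
     * Set Image Properties
     *
     * Uses GD to determine the width/height/type of image
     *
     * @param string $path Path of the stored file
     * @return void
     */
    public function set_image_properties($path = '') {
        if ( ! $this->is_image() || ! function_exists('getimagesize')) {
            return;
        }

        $dimension = @getimagesize($path);

        if ($dimension === FALSE) {
            return;
        }

        // getimagesize() type codes this class names; any other code is reported as 'unknown'
        $types = array(1 => 'gif', 2 => 'jpeg', 3 => 'png');

        $this->image_width = $dimension['0'];
        $this->image_height = $dimension['1'];
        $this->image_type = isset($types[$dimension['2']]) ? $types[$dimension['2']] : 'unknown';
        $this->image_size_str = $dimension['3']; // string containing height and width
    }

    /**
     * Validate the image
     *
     * Decides from $file_type alone, which run() fills from the client-declared
     * MIME type; the file content is not examined here. As a side effect the
     * jpeg/png aliases in $file_type are rewritten to their standard names.
     *
     * @return bool
     */
    public function is_image() {
        // IE will sometimes return odd mime-types during upload, so here we just standardize all
        // jpegs or pngs to the same file type.
        $aliases = array(
            'image/x-png' => 'image/png',
            'image/jpg'   => 'image/jpeg',
            'image/jpe'   => 'image/jpeg',
            'image/pjpeg' => 'image/jpeg',
        );

        if (is_string($this->file_type) && isset($aliases[$this->file_type])) {
            $this->file_type = $aliases[$this->file_type];
        }

        return in_array($this->file_type, array('image/gif', 'image/jpeg', 'image/png'), TRUE);
    }

    /**
     * Verify that the filetype is allowed
     * Different extensions could have the same filetype, like .rtf and .doc
     *
     * The extension must be listed in $allowed_types, image extensions must be
     * readable by getimagesize(), and, unless $ignore_mime is TRUE, the declared
     * MIME type must match the table entry for the extension. The declared type
     * comes from the client, so the MIME comparison is a consistency check and
     * not proof of what the file contains.
     *
     * @param bool $ignore_mime Skip the MIME comparison (used for the file_name override)
     * @return bool
     */
    public function is_allowed_filetype($ignore_mime = FALSE) {
        if ($this->allowed_types === '*') {
            return TRUE;
        }

        // is_array() first: count() on a non-array raises a TypeError on PHP 8
        if ( ! is_array($this->allowed_types) || count($this->allowed_types) === 0) {
            $this->_set_error('upload_no_file_types');
            return FALSE;
        }

        $ext = strtolower(ltrim($this->file_ext, '.'));

        // Strict comparison, so a stray 0 or TRUE in the allow list cannot match every extension
        if ( ! in_array($ext, $this->allowed_types, TRUE)) {
            return FALSE;
        }

        // Images get some additional checks
        $image_types = array('gif', 'jpg', 'jpeg', 'png', 'jpe');

        // @ keeps the temporary path out of warnings when the content is not an image
        if (in_array($ext, $image_types, TRUE) && @getimagesize($this->file_temp) === FALSE) {
            return FALSE;
        }

        if ($ignore_mime === TRUE) {
            return TRUE;
        }

        $mime = $this->_mimes_types($ext);

        if (is_array($mime)) {
            return in_array($this->file_type, $mime, TRUE);
        }

        // $mime is FALSE for an extension missing from the table. The previous loose
        // "==" treated FALSE as equal to an empty declared type and let the file through.
        return ($mime !== FALSE && $mime === $this->file_type);
    }

    /**
     * Verify that the file is within the allowed size
     *
     * @return bool
     */
    public function is_allowed_filesize() {
        // A max_size of zero means "no limit"
        return ! ($this->max_size != 0 && $this->file_size > $this->max_size);
    }

    /**
     * Verify that the image is within the allowed width/height
     *
     * Non-images always pass. An image whose dimensions cannot be read also
     * passes (the check fails open), as it did before.
     *
     * @return bool
     */
    public function is_allowed_dimensions() {
        if ( ! $this->is_image() || ! function_exists('getimagesize')) {
            return TRUE;
        }

        $size = @getimagesize($this->file_temp);

        // Made explicit so that FALSE is not indexed like an array
        if ($size === FALSE) {
            return TRUE;
        }

        $too_wide = ($this->max_width > 0 && $size['0'] > $this->max_width);
        $too_tall = ($this->max_height > 0 && $size['1'] > $this->max_height);

        return ! ($too_wide || $too_tall);
    }

    /**
     * Validate Upload Path
     *
     * Verifies that it is a valid upload path with proper permissions.
     * On success $upload_path is normalised to end in exactly one slash.
     *
     * @return bool
     */
    public function validate_upload_path() {
        if ($this->upload_path == '') {
            $this->_set_error('upload_no_filepath');
            return FALSE;
        }

        if (function_exists('realpath') && @realpath($this->upload_path) !== FALSE) {
            $this->upload_path = str_replace("\\", "/", realpath($this->upload_path));
        }

        if ( ! @is_dir($this->upload_path)) {
            $this->_set_error('upload_no_filepath');
            return FALSE;
        }

        if ( ! is_writable($this->upload_path)) {
            $this->_set_error('upload_not_writable');
            return FALSE;
        }

        $this->upload_path = preg_replace("/(.+?)\/*$/", "\\1/", $this->upload_path);
        return TRUE;
    }

    /**
     * Extract the file extension
     *
     * Returns the text after the last dot, prefixed with a dot. A name without
     * any dot comes back whole with a dot in front ('README' gives '.README').
     *
     * @param string $filename
     * @return string
     */
    public function get_extension($filename) {
        $pieces = explode('.', $filename);
        return '.'.end($pieces);
    }

    /**
     * Clean the file name for security
     *
     * Removes markup characters, path separators and their percent-encoded
     * forms from the name. The removal is repeated until nothing changes,
     * because deleting one sequence can join its neighbours into another
     * ("%%3c3c" turns into "%3c" after one pass). Backslashes are removed
     * outright; stripslashes() left one behind for every doubled backslash
     * and turned a backslash-zero pair into a NUL byte.
     *
     * @param string $filename
     * @return string
     */
    public function clean_file_name($filename) {
        $bad = array(
            "<!--",
            "-->",
            "'",
            "<",
            ">",
            '"',
            '&',
            '$',
            '=',
            ';',
            '?',
            '/',
            "\\",
            "\0",
            "%20",
            "%22",
            "%3c", // <
            "%253c", // < (double-encoded)
            "%3e", // >
            "%0e", // control character 0x0E
            "%28", // (
            "%29", // )
            "%2528", // ( (double-encoded)
            "%26", // &
            "%24", // $
            "%3f", // ?
            "%3b", // ;
            "%3d" // =
        );

        // Every pass that changes the string makes it shorter, so this terminates.
        // Case-insensitive so that "%3C" is handled like "%3c".
        do {
            $before = $filename;
            $filename = str_ireplace($bad, '', $filename);
        } while ($filename !== $before);

        return $filename;
    }

    /**
     * Limit the File Name Length
     *
     * Shortens the part before the last dot so that name plus extension fit
     * in $length characters. The extension is never cut, so the result can
     * exceed $length when the extension alone is longer than the limit.
     *
     * @param string $filename
     * @param integer $length
     * @return string
     */
    public function limit_filename_length($filename, $length) {
        if (strlen($filename) < $length) {
            return $filename;
        }

        $ext = '';
        if (strpos($filename, '.') !== FALSE) {
            $parts = explode('.', $filename);
            $ext = '.'.array_pop($parts);
            $filename = implode('.', $parts);
        }

        // A negative length would make substr() count from the end of the name
        $keep = max(0, $length - strlen($ext));

        return substr($filename, 0, $keep).$ext;
    }

    /**
     * Set an error message
     *
     * Queues the predefined text for $msg, or $msg itself when it is not a known key.
     *
     * @param string $msg Key into the predefined messages
     * @return void
     */
    private function _set_error($msg) {
        $this->_error_msg_to_display[] = isset($this->_error_messages[$msg]) ? $this->_error_messages[$msg] : $msg;
    }

    /**
     * Display the error message
     *
     * $open and $close are emitted verbatim around each queued message.
     *
     * @param string $open Markup placed before each message
     * @param string $close Markup placed after each message
     * @return string
     */
    public function display_errors($open = '<p>', $close = '</p>') {
        $html = '';

        foreach ($this->_error_msg_to_display as $message) {
            $html .= $open.$message.$close;
        }

        return $html;
    }

    /**
     * List of Mime Types
     *
     * @param string $mime File extension (lower case, no dot) to look up
     * @return string|array|bool The MIME type(s) for the extension, or FALSE when unknown
     */
    private function _mimes_types($mime) {
        $mimes = array(
            'hqx' => 'application/mac-binhex40',
            'cpt' => 'application/mac-compactpro',
            'csv' => array('text/x-comma-separated-values', 'text/comma-separated-values', 'application/octet-stream', 'application/vnd.ms-excel', 'text/x-csv', 'text/csv', 'application/csv', 'application/excel', 'application/vnd.msexcel'),
            'bin' => 'application/macbinary',
            'dms' => 'application/octet-stream',
            'lha' => 'application/octet-stream',
            'lzh' => 'application/octet-stream',
            'exe' => array('application/octet-stream', 'application/x-msdownload'),
            'class' => 'application/octet-stream',
            'psd' => 'application/x-photoshop',
            'so' => 'application/octet-stream',
            'sea' => 'application/octet-stream',
            'dll' => 'application/octet-stream',
            'oda' => 'application/oda',
            'pdf' => array('application/pdf', 'application/x-download'),
            'ai' => 'application/postscript',
            'eps' => 'application/postscript',
            'ps' => 'application/postscript',
            'smi' => 'application/smil',
            'smil' => 'application/smil',
            'mif' => 'application/vnd.mif',
            'xls' => array('application/excel', 'application/vnd.ms-excel', 'application/msexcel'),
            'ppt' => array('application/powerpoint', 'application/vnd.ms-powerpoint'),
            'wbxml' => 'application/wbxml',
            'wmlc' => 'application/wmlc',
            'dcr' => 'application/x-director',
            'dir' => 'application/x-director',
            'dxr' => 'application/x-director',
            'dvi' => 'application/x-dvi',
            'gtar' => 'application/x-gtar',
            'gz' => 'application/x-gzip',
            'php' => 'application/x-httpd-php',
            'php4' => 'application/x-httpd-php',
            'php3' => 'application/x-httpd-php',
            'phtml' => 'application/x-httpd-php',
            'phps' => 'application/x-httpd-php-source',
            'js' => 'application/x-javascript',
            'swf' => 'application/x-shockwave-flash',
            'sit' => 'application/x-stuffit',
            'tar' => 'application/x-tar',
            'tgz' => array('application/x-tar', 'application/x-gzip-compressed'),
            'xhtml' => 'application/xhtml+xml',
            'xht' => 'application/xhtml+xml',
            'zip' => array('application/x-zip', 'application/zip', 'application/x-zip-compressed'),
            'mid' => 'audio/midi',
            'midi' => 'audio/midi',
            'mpga' => 'audio/mpeg',
            'mp2' => 'audio/mpeg',
            'mp3' => array('audio/mpeg', 'audio/mpg', 'audio/mpeg3'),
            'aif' => 'audio/x-aiff',
            'aiff' => 'audio/x-aiff',
            'aifc' => 'audio/x-aiff',
            'ram' => 'audio/x-pn-realaudio',
            'rm' => 'audio/x-pn-realaudio',
            'rpm' => 'audio/x-pn-realaudio-plugin',
            'ra' => 'audio/x-realaudio',
            'rv' => 'video/vnd.rn-realvideo',
            'wav' => 'audio/x-wav',
            'bmp' => 'image/bmp',
            'gif' => 'image/gif',
            'jpeg' => array('image/jpeg', 'image/pjpeg'),
            'jpg' => array('image/jpeg', 'image/pjpeg'),
            'jpe' => array('image/jpeg', 'image/pjpeg'),
            'png' => array('image/png', 'image/x-png'),
            'tiff' => 'image/tiff',
            'tif' => 'image/tiff',
            'css' => 'text/css',
            'html' => 'text/html',
            'htm' => 'text/html',
            'shtml' => 'text/html',
            'txt' => 'text/plain',
            'text' => 'text/plain',
            'log' => array('text/plain', 'text/x-log'),
            'rtx' => 'text/richtext',
            'rtf' => 'text/rtf',
            'xml' => 'text/xml',
            'xsl' => 'text/xml',
            'mpeg' => 'video/mpeg',
            'mpg' => 'video/mpeg',
            'mpe' => 'video/mpeg',
            'qt' => 'video/quicktime',
            'mov' => 'video/quicktime',
            'avi' => 'video/x-msvideo',
            'movie' => 'video/x-sgi-movie',
            'doc' => 'application/msword',
            'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
            'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
            'word' => array('application/msword', 'application/octet-stream'),
            'xl' => 'application/excel',
            'eml' => 'message/rfc822'
        );

        return isset($mimes[$mime]) ? $mimes[$mime] : FALSE;
    }

    /**
     * Prep Filename
     *
     * Prevents possible script execution from Apache's handling of files multiple extensions
     * http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
     *
     * Every dot-separated part between the first and the last gets an underscore
     * appended unless it is both a known extension and one the configuration allows.
     * Checking the MIME table alone was not enough: that table lists 'php', 'phtml'
     * and similar, so "name.php.jpg" used to pass through unchanged.
     *
     * The earlier version also replaced the result with $this->file_name whenever
     * that property was non-empty. That doubled the extension of a configured
     * file_name and carried the previous upload's name into the next run() call,
     * so the substitution is gone; run() applies the override itself.
     *
     * @param string $filename
     * @return string
     */
    private function _prep_filename($filename) {
        if (strpos($filename, '.') === FALSE) {
            return $filename;
        }

        $parts = explode('.', $filename);
        $ext = array_pop($parts);
        $filename = array_shift($parts);

        foreach ($parts as $part) {
            $lower = strtolower($part);
            $known = ($this->_mimes_types($lower) !== FALSE);
            $permitted = ($this->allowed_types === '*')
                || (is_array($this->allowed_types) && in_array($lower, $this->allowed_types, TRUE));

            $filename .= ($known && $permitted) ? '.'.$part : '.'.$part.'_';
        }

        return $filename.'.'.$ext;
    }

    /**
     * Remove $this->file_ext from the end of a file name, and only from the end.
     *
     * @param string $filename
     * @return string
     */
    private function _strip_extension($filename) {
        $ext_length = strlen($this->file_ext);

        if ($ext_length > 0 && substr($filename, -$ext_length) === $this->file_ext) {
            return (string) substr($filename, 0, -$ext_length);
        }

        return $filename;
    }

    /**
     * Produce the 32 hexadecimal characters used as the stored name when
     * encrypt_name is on. Prefers the platform's secure random source; the
     * md5(uniqid(mt_rand())) construction is predictable and is kept only as
     * a fallback for installations that offer nothing better.
     *
     * @return string
     */
    private function _random_basename() {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }

        if (function_exists('openssl_random_pseudo_bytes')) {
            $bytes = openssl_random_pseudo_bytes(16);

            if (is_string($bytes) && strlen($bytes) === 16) {
                return bin2hex($bytes);
            }
        }

        mt_srand();
        return md5(uniqid(mt_rand()));
    }

}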
/* End of file: ./system/libraries/upload/upload_library.php */
