1 | <?php |
2 | |
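/**
 * File-name helpers for upload handling.
 */
class filez {

    /**
     * Check whether an uploaded file's name is acceptable to store.
     *
     * The check is a denylist applied to the file name only; file content is
     * never inspected. Every dot-separated part after the base name is tested,
     * not just the last one, because some server configurations pick a handler
     * from any extension in the name rather than only the final one.
     *
     * Do not use this for reading files: directory traversal is not checked.
     * The directory part is only discarded by basename().
     *
     * NOTE(review): a denylist can never be complete. Where the set of expected
     * upload types is known, an allowlist of extensions is the safer check, and
     * uploads are best stored where the web server will not execute them.
     *
     * @param string $name Client-supplied file name (a path is reduced to its base name).
     * @return bool True when no part of the extension matches the denylist, false otherwise.
     */
    public static function upload_filename_secure($name){
        // Keep the explode() result in a variable: array_pop()/array_shift() take
        // their argument by reference, so passing the call result directly raises
        // "Only variables should be passed by reference".
        $segments = explode('.', basename($name));

        // Drop the base name so that an ordinary name which merely contains one
        // of the tokens is not rejected. A name without any dot is still checked
        // as a whole, as before.
        if (count($segments) > 1) {
            array_shift($segments);
        }

        // This is unfortunately a denylist
        // TODO extend for all possible server configurations
        // TODO: why js? (presumably because script or markup served from the
        //       site's own origin would run in visitors' browsers; confirm)
        //
        // The pattern is deliberately unanchored. The previous form required only
        // letters between the token and the end of the extension, so an extension
        // with a digit after the token was not matched.
        $preg_disallowed = '/(php|htm|inc|js|vbs|cgi|asp|jsp|htaccess|htpasswd|asmx)/i';

        foreach ($segments as $segment) {
            if (preg_match($preg_disallowed, $segment) > 0) {
                return false;
            }
        }
        return true;
    }

}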
22 | ?> |