| 1 | <?php |
| 2 | |
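class filez {

    /**
     * Check whether a client-supplied filename is acceptable for an upload.
     *
     * Only the final path component (basename) of $name is inspected. Every
     * dot-separated segment after the first one is matched against a blacklist
     * of extensions that web servers commonly execute or interpret. A name
     * without any dot is matched as a whole, so "htaccess" is still refused.
     *
     * Do not use this for reading files: directory traversal is not checked.
     *
     * This is a blacklist and therefore incomplete by nature. It should be
     * backed by defences that do not depend on the name: a server-generated
     * storage name, an upload directory outside the document root, or one
     * where script handlers are switched off.
     *
     * @param string $name Filename as supplied by the client.
     * @return bool True when no blacklisted token is found, false otherwise.
     */
    public static function upload_filename_secure($name){
        // explode() into a variable first: array_pop()/array_shift() take
        // their argument by reference and raise a notice on a call result.
        $segments = explode('.', basename($name));

        // Skip the base name when there is at least one extension, so that a
        // name such as "princess.jpg" is not refused because it contains "inc".
        if (count($segments) > 1) {
            array_shift($segments);
        }

        // This is unfortunately a blacklist
        // TODO extend for all possible server configurations
        // TODO: why js?
        // The token may appear anywhere in a segment: anchoring it to trailing
        // letters let "php5", "php " and "php::$DATA" through.
        $preg_disallowed = '/php|htm|inc|js|vbs|cgi|asp|jsp|htaccess|htpasswd|asmx/i';

        // Check every extension, not only the last one. Some server
        // configurations pick the handler from an inner extension, so
        // "name.php.jpg" has to be refused as well.
        foreach ($segments as $segment) {
            if (preg_match($preg_disallowed, $segment) > 0) {
                return false;
            }
        }
        return true;
    }

}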
| 22 | ?> |