[mirrors/Kyberia-bloodline.git] / wwwroot / inc / filez.inc

<?php

class filez {

// Function that check if given filename is "secure" (for uploading)
// Dont use for reading files, directory traversal is not checked

public static function upload_filename_secure($name){
	$suffix = array_pop(explode('.', basename($name)));
	
	// This is unfornately blacklist
	// TODO extend for all possible server configuations
	// TODO: why js?
	$preg_disallowed = '/([a-z]*)(php|htm|inc|js|vbs|cgi|asp|jsp|htaccess|htpasswd|asmx)([a-z]*)$/i';
	if (preg_match($preg_disallowed, $suffix) > 0) {
		return false;
	}
	return true;
}

}
?>
Commit	Line	Data
51ff3226	1	<?php
f657368b	2
233544e1	3	class filez {
51ff3226	4
f657368b	5	// Function that check if given filename is "secure" (for uploading)
	6	// Dont use for reading files, directory traversal is not checked
	7
233544e1	8	public static function upload_filename_secure($name){
f657368b	9	$suffix = array_pop(explode('.', basename($name)));
	10
	11	// This is unfornately blacklist
	12	// TODO extend for all possible server configuations
	13	// TODO: why js?
233544e1	14	$preg_disallowed = '/([a-z])(php\|htm\|inc\|js\|vbs\|cgi\|asp\|jsp\|htaccess\|htpasswd\|asmx)([a-z])$/i';
f657368b	15	if (preg_match($preg_disallowed, $suffix) > 0) {
	16	return false;
	17	}
	18	return true;
	19	}
	20
51ff3226	21	}
f657368b	22	?>