
Merge pull request #66 from OmarElGabry/patch-1

Make sure file name is safe
2 parents e7cc1f8 + 001cd94 commit 81db4eabba4f645f9747067211ce6f01f54e0701 @brandonsavage committed Mar 3, 2016
Showing with 7 additions and 3 deletions.
  1. +7 −3 src/Upload/FileInfo.php
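--- a/src/Upload/FileInfo.php
+++ b/src/Upload/FileInfo.php
@@ -72,8 +72,8 @@ class FileInfo extends \SplFileInfo implements \Upload\FileInfoInterface
 public function __construct($filePathname, $newName = null)
 {
 $desiredName = is_null($newName) ? $filePathname : $newName;
- $this->name = pathinfo($desiredName, PATHINFO_FILENAME);
- $this->extension = strtolower(pathinfo($desiredName, PATHINFO_EXTENSION));
+ $this->setName(pathinfo($desiredName, PATHINFO_FILENAME));
+ $this->setExtension(pathinfo($desiredName, PATHINFO_EXTENSION));
 parent::__construct($filePathname);
 }
@@ -90,12 +90,16 @@ public function getName()
 /**
 * Set file name (without extension)
+ *
+ * It also makes sure file name is safe
 *
 * @param string $name
 * @return \Upload\FileInfo Self
 */
 public function setName($name)
 {
+ $name = preg_replace("/([^\w\s\d\-_~,;:\[\]\(\).]|[\.]{2,})/", "", $name);
+ $name = basename($name);
 $this->name = $name;
 return $this;
@@ -119,7 +123,7 @@ public function getExtension()
 */
 public function setExtension($extension)
 {
- $this->extension = $extension;
+ $this->extension = strtolower($extension);
 return $this;
 }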
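Review bot: The filter added to setName runs a single preg_replace pass, so it can still hand back `..`, a lone `.`, or an empty string: when a stripped character sat between two dots the dots end up adjacent after the pass and are not rescanned, and a name made only of rejected characters collapses to nothing. basename() is also called after the filter has already deleted every slash, so directory parts are glued into the name instead of being dropped. I would call basename() first, repeat the replacement until the string stops changing, and refuse a result that is empty or only dots and whitespace (throwing is one option; whether the library prefers a fallback name is not visible here). setExtension in the last hunk only lowercases its argument, so the extension, which is presumably joined to this name when the file is stored, gets none of this filtering. setName's closing brace lies outside the hunk.

```php
public function setName($name)
{
    // Drop directory components before filtering so they are discarded.
    $name = basename((string) $name);
    // Repeat until stable: one pass can leave ".." where a removed character sat between dots.
    do {
        $before = $name;
        $name = (string) preg_replace("/([^\w\s\d\-_~,;:\[\]\(\).]|[\.]{2,})/", "", $name);
    } while ($name !== $before);
    if (trim($name, ". \t\r\n") === '') {
        throw new \InvalidArgumentException('File name is empty after sanitising');
    }
    // … unchanged: assignment to $this->name and return $this …
```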
