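/**
 * Recursively delete files with an unsupported extension below $root.
 *
 * Every regular file found under $root whose final extension (the text after
 * the last dot of its name, lower-cased) is not on the allowlist is deleted,
 * and the outcome is reported through wppa_error_message().
 *
 * Limits of this check:
 * - Only the last extension is compared; file contents are not inspected.
 * - The glob pattern used here does not match names that start with a dot,
 *   so dot-files are never examined by this pass.
 * - is_dir() follows symbolic links, so a linked directory is walked too.
 *   NOTE(review): confirm links cannot appear under $root.
 *
 * @param string $root Directory to scan, without a trailing slash.
 * @return int Number of files actually removed, subdirectories included.
 */
function __wppa_sanitize_files($root) {
	global $wppa_supported_video_extensions;
	global $wppa_supported_audio_extensions;

	// Extension allowlist. The video/audio lists are globals filled elsewhere.
	$allowed_types = array('zip', 'jpg', 'jpeg', 'png', 'gif', 'amf', 'pmf', 'bak', 'log', 'csv');
	if (is_array($wppa_supported_video_extensions)) {
		$allowed_types = array_merge($allowed_types, $wppa_supported_video_extensions);
	}
	if (is_array($wppa_supported_audio_extensions)) {
		$allowed_types = array_merge($allowed_types, $wppa_supported_audio_extensions);
	}

	// Integer counter, so the "nothing removed" result is 0 rather than '0'.
	$count = 0;

	// glob() yields false on error and may yield an empty array on no match.
	$files = glob($root . '/*');
	if (!$files) {
		return $count;
	}

	foreach ($files as $file) {
		if (is_file($file)) {
			// Take the extension from the file name only, so a dot in a
			// directory name can never be mistaken for an extension.
			$dot = strrchr(basename($file), '.');
			$ext = ($dot === false) ? '' : strtolower(substr($dot, 1));

			// Strict comparison: the allowlist must match as exact strings.
			if (!in_array($ext, $allowed_types, true)) {
				// Only claim (and count) a removal that really happened; a
				// failed unlink() leaves the file in place and must be visible.
				if (unlink($file)) {
					wppa_error_message(sprintf(__('File %s is of an unsupported filetype and has been removed.', 'wp-photo-album-plus'), basename(wppa_sanitize_file_name($file))));
					$count++;
				} else {
					wppa_error_message(sprintf(__('File %s is of an unsupported filetype but could not be removed.', 'wp-photo-album-plus'), basename(wppa_sanitize_file_name($file))));
				}
			}
		} elseif (is_dir($file)) {
			$entry = basename($file);
			if ($entry != '.' && $entry != '..') {
				// Add the nested removals; the result used to be discarded.
				$count += __wppa_sanitize_files($file);
			}
		}
	}

	return $count;
}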
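/**
 * Recursively delete unsupported files below $root and sanitize the names
 * of the files that are kept.
 *
 * For every regular file the name is cleaned with stripslashes() and
 * strip_tags() and, when it is not valid UTF-8, re-encoded. The extension
 * allowlist is applied to both the name found on disk and the cleaned name,
 * because cleaning can change what follows the last dot. A file that fails
 * either check is deleted; a file that passes is renamed to its cleaned
 * name when that differs.
 *
 * Limits of this check:
 * - Only the last extension is compared; file contents are not inspected.
 * - The glob pattern used here does not match names that start with a dot,
 *   so dot-files are never examined by this pass.
 * - is_dir() follows symbolic links, so a linked directory is walked too.
 *   NOTE(review): confirm links cannot appear under $root.
 * - rename() replaces an existing file that already has the cleaned name.
 *   NOTE(review): decide whether such a collision should be refused.
 *
 * @param string $root Directory to scan, without a trailing slash.
 * @return int Number of files actually removed, subdirectories included.
 */
function __wppa_sanitize_files($root) {
	global $wppa_supported_video_extensions;
	global $wppa_supported_audio_extensions;

	// Extension allowlist. The video/audio lists are globals filled elsewhere.
	$allowed_types = array('zip', 'jpg', 'jpeg', 'png', 'gif', 'amf', 'pmf', 'bak', 'log', 'csv');
	if (is_array($wppa_supported_video_extensions)) {
		$allowed_types = array_merge($allowed_types, $wppa_supported_video_extensions);
	}
	if (is_array($wppa_supported_audio_extensions)) {
		$allowed_types = array_merge($allowed_types, $wppa_supported_audio_extensions);
	}

	// Integer counter, so the "nothing removed" result is 0 rather than '0'.
	$count = 0;

	// glob() yields false on error and may yield an empty array on no match.
	$files = glob($root . '/*');
	if (!$files) {
		return $count;
	}

	foreach ($files as $file) {
		if (is_file($file)) {
			$dirname  = dirname($file);
			$diskname = basename($file);

			// sanitize_file_name() is not used here because it also removes
			// spaces, which are legal on most servers.
			$filename = strip_tags(stripslashes($diskname));
			if (!seems_utf8($filename)) {
				// utf8_encode() is deprecated as of PHP 8.2; kept to preserve behaviour.
				$filename = utf8_encode($filename);
			}

			// Check the extension of the name as found AND of the name the
			// file would end up with, so the rename below can never produce
			// an extension that was not checked.
			$rejected = false;
			foreach (array($diskname, $filename) as $candidate) {
				$dot = strrchr($candidate, '.');
				$ext = ($dot === false) ? '' : strtolower(substr($dot, 1));
				if (!in_array($ext, $allowed_types, true)) {
					$rejected = true;
					break;
				}
			}

			if ($rejected) {
				// Only claim (and count) a removal that really happened; a
				// failed unlink() leaves the file in place and must be visible.
				if (unlink($file)) {
					wppa_error_message(sprintf(__('File %s is of an unsupported filetype and has been removed.', 'wp-photo-album-plus'), basename(wppa_sanitize_file_name($file))));
					$count++;
				} else {
					wppa_error_message(sprintf(__('File %s is of an unsupported filetype but could not be removed.', 'wp-photo-album-plus'), basename(wppa_sanitize_file_name($file))));
				}
				// Never fall through to rename() for a rejected file.
				continue;
			}

			$newname = $dirname . '/' . $filename;
			if ($newname != $file) {
				rename($file, $newname);
			}
		} elseif (is_dir($file)) {
			$entry = basename($file);
			if ($entry != '.' && $entry != '..') {
				// Add the nested removals; the result used to be discarded.
				$count += __wppa_sanitize_files($file);
			}
		}
	}

	return $count;
}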