/** * Returns true if the file is a valid upload, after making it go through all * our tests. * * @param upload An FileUpload object containing information about the file * @return Returns true if it is valid or a negative value meaning an error otherwise: * <ul><li>ERROR_UPLOAD_TOO_BIG (-1): The file bigger than the maximum allowed size</li> * <li>ERROR_FORBIDDEN_EXTENSION: The file has a forbidden extension.</li></ul> */ function validate($upload) { $config =& Config::getConfig(); $forbiddenFilesStr = $config->getValue("upload_forbidden_files"); $maxUploadSize = $config->getValue("maximum_file_upload_size"); // check if we received an object of the right type, or else just quit if ($upload == null) { return false; } // first of all, check the size if ($maxUploadSize != 0 && $upload->getSize() > $maxUploadSize) { return UPLOAD_VALIDATOR_ERROR_UPLOAD_TOO_BIG; } // return true if there's nothing to do if (empty($forbiddenFilesStr) || !$forbiddenFilesStr) { return true; } // check if the filename extension is forbidden or not $fileName = basename($upload->getFileName()); foreach (explode(" ", $forbiddenFilesStr) as $file) { if (Glob::myFnmatch($file, $fileName)) { return UPLOAD_VALIDATOR_ERROR_FORBIDDEN_EXTENSION; } } return true; }
/** * Our own equivalent of fnmatch that is only available in php 4.3.x. * * Based on a user-contributed code for the fnmatch php function here: * http://www.php.net/manual/en/function.fnmatch.php */ function myFnmatch($pattern, $file) { for ($i = 0; $i < strlen($pattern); $i++) { if ($pattern[$i] == "*") { for ($c = $i; $c < max(strlen($pattern), strlen($file)); $c++) { if (Glob::myFnmatch(substr($pattern, $i + 1), substr($file, $c))) { return true; } } return false; } if ($pattern[$i] == "[") { $letter_set = array(); for ($c = $i + 1; $c < strlen($pattern); $c++) { if ($pattern[$c] != "]") { array_push($letter_set, $pattern[$c]); } else { break; } } foreach ($letter_set as $letter) { if (Glob::myFnmatch($letter . substr($pattern, $c + 1), substr($file, $i))) { return true; } } return false; } if ($pattern[$i] == "?") { continue; } if ($pattern[$i] != $file[$i]) { return false; } } return true; }