This prevents people from embedding malicious code in their files.
I'm not sure whether it could negatively affect certain files in unexpected ways,
but so far I haven't found that it causes any trouble.
public do_xss_clean ( ) : string | ||
return | string |
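/**
 * Check an uploaded file for XSS triggers, with a fast path for images.
 *
 * Adapted from the CodeIgniter 2.x Mercurial repository.
 *
 * A file that getimagesize() recognises as an image and whose first 256 bytes
 * contain none of a short list of HTML tag names is accepted without further
 * checks. Every other file is handed to the parent implementation and the
 * parent's verdict is returned unchanged.
 *
 * Only the opening 256 bytes are inspected on the image path; markup placed
 * later in the file is not examined here. Treat a TRUE result as "no trigger in
 * the header", not as proof the file is harmless: serve uploads with a fixed
 * image Content-Type and "X-Content-Type-Options: nosniff", and re-encode
 * images where that is practical.
 *
 * @access public
 * @return bool FALSE if the file is empty or unreadable, TRUE for an image with
 *              a clean header, otherwise whatever the parent check returns
 */
public function do_xss_clean() {
    // NOTE(review): assumes the upload already exists at upload_path/file_name
    // when this runs - confirm against the caller.
    $file = $this->upload_path . $this->file_name;
    $size = filesize($file);

    // filesize() yields FALSE on failure, so a missing file is rejected here
    // together with an empty one.
    if ($size == 0) {
        return FALSE;
    }

    // Raise the memory limit by the size of the file so a later full read fits.
    // A limit of -1 (unlimited) or 0 is left alone: adding to it would set a
    // small positive limit and make things worse.
    $limit = trim((string) ini_get('memory_limit'));
    if (function_exists('memory_get_usage') && memory_get_usage() && $limit !== '' && (int) $limit > 0) {
        // Convert PHP's shorthand byte notation (K, M or G suffix) to bytes;
        // a value without suffix is already in bytes.
        $current = (int) $limit;
        switch (strtolower(substr($limit, -1))) {
            case 'g':
                $current *= 1024;
                // no break
            case 'm':
                $current *= 1024;
                // no break
            case 'k':
                $current *= 1024;
        }

        // number_format() keeps a large value from being rendered in scientific notation.
        $new_memory = number_format(ceil($size + $current), 0, '.', '');
        ini_set('memory_limit', $new_memory); // When an integer is used, the value is measured in bytes. - PHP.net
    }

    if (function_exists('getimagesize') && @getimagesize($file) !== FALSE) {
        $handle = @fopen($file, 'rb'); // "b" forces a binary read
        if ($handle === FALSE) {
            return FALSE; // Couldn't open the file, return FALSE
        }

        $opening_bytes = fread($handle, 256);
        fclose($handle);

        // A failed read must not be mistaken for a clean header.
        if ($opening_bytes === FALSE) {
            return FALSE;
        }

        if (!preg_match('/<(a|body|head|html|img|plaintext|pre|script|table|title)[\\s>]/i', $opening_bytes)) {
            return TRUE; // its an image, no "triggers" detected in the first 256 bytes, we're good
        }
    }

    // Fall back to the default check and pass its verdict on. The return matters:
    // without it this path yields NULL, which a strict "=== FALSE" test in the
    // caller would not treat as a rejection. No argument is passed because this
    // method takes none and no $types variable exists in this scope.
    return parent::do_xss_clean();
}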