Example #1
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or (at
 * your option) any later version.
 * 
 * allocPSA is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
 * License for more details.
 * 
 * You should have received a copy of the GNU Affero General Public License
 * along with allocPSA. If not, see <http://www.gnu.org/licenses/>.
*/
// Attachment download endpoint (excerpt; the enclosing if-blocks close beyond this listing).
// For use like get_attachment.php?entity=project&id=5&file=foo.bar
// All three request parameters (entity, id, file) come straight from the query
// string and must be treated as untrusted.
require_once "../alloc.php";
$file = $_GET["file"];
// Proceed only when an id was supplied, a file name was supplied, and
// bad_filename() (defined elsewhere) accepts the file name. Note that only
// $file goes through bad_filename(); entity and id are not checked here.
if (isset($_GET["id"]) && $file && !bad_filename($file)) {
    // NOTE(review): the class name is taken from the request with no allow-list
    // visible in this excerpt, so any class that is loadable at this point gets
    // instantiated. Map the parameter onto a fixed list of entity classes
    // before calling new.
    $entity = new $_GET["entity"]();
    // The id is coerced to an integer string for the record lookup only.
    $entity->set_id(sprintf("%d", $_GET["id"]));
    $entity->select();
    // NOTE(review): the path is built from the raw entity and id values, not the
    // coerced id used above. Nothing in this excerpt rejects path separators in
    // those two segments, so the directory that is read can differ from the
    // record that is permission-checked. Build the path from the validated
    // entity name and the integer id instead.
    $file = ATTACHMENTS_DIR . $_GET["entity"] . "/" . $_GET["id"] . "/" . $file;
    // Authorisation is delegated to the entity object; $current_user is not
    // defined in this excerpt (presumably set up by alloc.php -- confirm).
    if ($entity->has_attachment_permission($current_user)) {
        if (file_exists($file)) {
            // NOTE(review): the fopen() result is not checked for false here; how
            // $fp is consumed lies outside this excerpt.
            $fp = fopen($file, "rb");
            $mimetype = get_mimetype($file);
            // Files whose grandparent directory is named "whatsnew" are always
            // served as HTML, overriding the detected MIME type.
            // NOTE(review): text/html responses render in the application's
            // origin; confirm that whatsnew files cannot be uploaded by
            // ordinary users.
            if (basename(dirname(dirname($file))) == "whatsnew") {
                $forged_suffix = ".html";
                $mimetype = "text/html";
            }
            header('Content-Type: ' . $mimetype);
            header("Content-Length: " . filesize($file));
Example #2
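// Backup administration actions. Each block runs only when its submit field is
// present and truthy in the POST body; !empty() keeps the original truthiness
// test without raising a notice when the field is absent.
// NOTE(review): no privilege check or CSRF token is visible in this excerpt;
// confirm both are enforced before this code is reached.
if (!empty($_POST["create_backup"])) {
    $backup->backup();
}
if (!empty($_POST["restore_backup"])) {
    $restore_file = isset($_POST["file"]) ? $_POST["file"] : "";
    // A fresh backup is taken before restoring (presumably as a safety copy).
    $backup->backup();
    // NOTE(review): the file name goes to restore() unvalidated here, unlike the
    // delete branch below. Confirm restore() rejects names that leave the
    // backups directory, or apply bad_filename() before calling it.
    // NOTE(review): the name is also echoed into the page messages; confirm
    // the template escapes message text.
    if ($backup->restore($restore_file)) {
        $TPL["message_good"][] = "Backup restored successfully: " . $restore_file;
        $TPL["message_good"][] = "You will now need to manually import the installation/db_triggers.sql file into your database. THIS IS VERY IMPORTANT.";
    } else {
        alloc_error("Error restoring backup: " . $restore_file);
    }
}
if (!empty($_POST["delete_backup"])) {
    # Can't go through the normal del_attachments thing because this isn't a real entity
    $file = isset($_POST["file"]) ? $_POST["file"] : "";
    $backup_dir = ATTACHMENTS_DIR . "backups" . DIRECTORY_SEPARATOR . "0";
    $path = $backup_dir . DIRECTORY_SEPARATOR . $file;
    // The checks are chained so that unlink() is reached only when every one of
    // them passes. Previously each failure only reported an error and execution
    // fell through to unlink() (unless alloc_error() itself halts the request,
    // which this excerpt does not show).
    if (bad_filename($file)) {
        alloc_error("File delete error: Name contains slashes.");
    } elseif (!is_file($path)) {
        alloc_error("File delete error: Not a file.");
    } elseif (dirname($backup_dir . DIRECTORY_SEPARATOR . ".") !== dirname($path)) {
        // Final check that the target sits directly inside the backups directory.
        alloc_error("File delete error: Bad path.");
    } else {
        unlink($path);
    }
}
if (!empty($_POST["save_attachment"])) {
    // Upload handling is delegated to move_attachment() (defined elsewhere).
    move_attachment("backups", 0);
}
$TPL["main_alloc_title"] = "Database Backups - " . APPLICATION_NAME;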