This prevents people from embedding malicious code in their files.
I'm not sure that it won't negatively affect certain files in unexpected ways,
but so far I haven't found that it causes trouble.
| public do_xss_clean ( ) : string | ||
| Résultat | string | |
/**
* do xss clean
* this plugin makes sure that images do not get xss unless under very certain criteria
* borrowed from CI 2.x mecurial repo
*
* @access public
* @return bool
*/
public function do_xss_clean()
{
$file = $this->upload_path . $this->file_name;
if (filesize($file) == 0) {
return FALSE;
}
if (function_exists('memory_get_usage') && memory_get_usage() && ini_get('memory_limit') != '') {
$current = ini_get('memory_limit') * 1024 * 1024;
$new_memory = number_format(ceil(filesize($file) + $current), 0, '.', '');
ini_set('memory_limit', $new_memory);
// When an integer is used, the value is measured in bytes. - PHP.net
}
if (function_exists('getimagesize') && @getimagesize($file) !== FALSE) {
if (($file = @fopen($file, 'rb')) === FALSE) {
return FALSE;
// Couldn't open the file, return FALSE
}
$opening_bytes = fread($file, 256);
fclose($file);
if (!preg_match('/<(a|body|head|html|img|plaintext|pre|script|table|title)[\\s>]/i', $opening_bytes)) {
return TRUE;
// its an image, no "triggers" detected in the first 256 bytes, we're good
}
}
//do default
parent::do_xss_clean($types);
}