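/**
 * Filename Security
 *
 * Removes a fixed deny-list of character sequences (directory traversal,
 * HTML comment/tag delimiters, quotes, shell/URL metacharacters and a set
 * of percent-encoded equivalents) from a file name, then strips
 * backslashes with stripslashes().
 *
 * The removal is repeated until the string stops changing. A single
 * str_replace() pass is not sufficient: deleting one match can splice the
 * surrounding characters into a new match (for example "....//" collapses
 * to "../"), and stripslashes() can do the same (".\./" becomes "../").
 * The returned string therefore never contains any entry of the deny-list.
 *
 * NOTE(review): this is a deny-list filter, not a path validator. Callers
 * that pass $relative_path = TRUE should still resolve the final path and
 * confirm it stays inside the intended base directory.
 *
 * @param string $str           File name (or relative path) to clean.
 * @param bool   $relative_path When FALSE (default) "./" and "/" are also
 *                              removed, so the result has no directory part.
 * @return string The cleaned file name.
 */
public static function sanitize_filename($str, $relative_path = FALSE)
{
    // NOTE(review): str_replace() is case-sensitive, so only the lower-case
    // spellings of the percent-encoded entries (e.g. "%3c", not "%3C") are
    // removed here — confirm whether upper-case forms can reach this method.
    $bad = array(
        "../", "<!--", "-->", "<", ">",
        "'", '"', '&', '$', '#',
        '{', '}', '[', ']', '=',
        ';', '?', "%20", "%22",
        "%3c", "%253c", "%3e", "%0e",
        "%28", "%29", "%2528",
        "%26", "%24", "%3f", "%3b", "%3d",
    );

    if (!$relative_path) {
        $bad[] = './';
        $bad[] = '/';
    }

    // Drop non-printing characters first so they cannot be used to split a
    // deny-listed sequence. The meaning of the FALSE flag is defined by the
    // helper itself.
    $str = IFilter::remove_invisible_characters($str, FALSE);

    // Pass 0 cleans the raw input and then unescapes backslashes once (as the
    // original did); pass 1 re-cleans whatever the unescaping produced.
    for ($pass = 0; $pass < 2; $pass++) {
        do {
            $before = $str;
            $str = str_replace($bad, '', $str);
        } while ($before !== $str);

        if ($pass === 0) {
            $str = stripslashes($str);
        }
    }

    return $str;
}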