function upload_munge_filename in Drupal 4
Same name and namespace in other branches
- 5 modules/upload/upload.module \upload_munge_filename()
Munge the filename as needed for security purposes.
Parameters
$filename: The name of a file to modify.
$extensions: A space separated list of valid extensions. If this is blank, we'll use the admin-defined defaults for the user role from upload_extensions_$rid.
$alerts: Whether alerts (watchdog, drupal_set_message()) should be displayed.
Return value
$filename The potentially modified $filename.
1 call to upload_munge_filename()
- _upload_prepare in modules/
upload.module - Save new uploads and attach them to the node object. append file_previews to the node object as well.
File
- modules/
upload.module, line 529 - File-handling and attaching files to nodes.
Code
function upload_munge_filename($filename, $extensions = NULL, $alerts = 1) {
global $user;
$original = $filename;
// Allow potentially insecure uploads for very savvy users and admin
if (!variable_get('allow_insecure_uploads', 0)) {
if (!isset($extensions)) {
$extensions = '';
foreach ($user->roles as $rid => $name) {
$extensions .= ' ' . variable_get("upload_extensions_{$rid}", variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls xls pdf ppt pps odt ods odp'));
}
}
$whitelist = array_unique(explode(' ', trim($extensions)));
$filename_parts = explode('.', $filename);
$new_filename = array_shift($filename_parts);
// Remove file basename.
$final_extension = array_pop($filename_parts);
// Remove final extension.
foreach ($filename_parts as $filename_part) {
$new_filename .= ".{$filename_part}";
if (!in_array($filename_part, $whitelist) && preg_match("/^[a-zA-Z]{2,5}\\d?\$/", $filename_part)) {
$new_filename .= '_';
}
}
$filename = "{$new_filename}.{$final_extension}";
}
if ($alerts && $original != $filename) {
$message = t('Your filename has been renamed to conform to site policy.');
drupal_set_message($message);
}
return $filename;
}