function upload_munge_filename in Drupal 4

Same name and namespace in other branches
  1. 5 modules/upload/upload.module \upload_munge_filename()

Munge the filename as needed for security purposes.

Parameters

$filename: The name of a file to modify.

$extensions: A space-separated list of valid extensions. If this is blank, we'll use the admin-defined defaults for the user role from upload_extensions_$rid.

$alerts: Whether alerts (watchdog, drupal_set_message()) should be displayed.

Return value

$filename: The potentially modified $filename.

1 call to upload_munge_filename()
_upload_prepare in modules/upload.module
Save new uploads and attach them to the node object. Append file_previews to the node object as well.

File

modules/upload.module, line 529
File-handling and attaching files to nodes.

Code

function upload_munge_filename($filename, $extensions = NULL, $alerts = 1) {
  global $user;
  $original = $filename;

  // Allow potentially insecure uploads for very savvy users and admin
  if (!variable_get('allow_insecure_uploads', 0)) {
    if (!isset($extensions)) {
      $extensions = '';
      foreach ($user->roles as $rid => $name) {
        $extensions .= ' ' . variable_get("upload_extensions_{$rid}", variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls xls pdf ppt pps odt ods odp'));
      }
    }
    $whitelist = array_unique(explode(' ', trim($extensions)));
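    $filename_parts = explode('.', $filename);

    // Remove file basename.
    $new_filename = array_shift($filename_parts);

    // Remove final extension.
    $final_extension = array_pop($filename_parts);

    // Append '_' to each inner part that looks like an extension but is not
    // in the whitelist, so it can no longer be read as an extension.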
    foreach ($filename_parts as $filename_part) {
      $new_filename .= ".{$filename_part}";
      if (!in_array($filename_part, $whitelist) && preg_match("/^[a-zA-Z]{2,5}\\d?\$/", $filename_part)) {
        $new_filename .= '_';
      }
    }
    $filename = "{$new_filename}.{$final_extension}";
  }
  if ($alerts && $original != $filename) {
    $message = t('Your filename has been renamed to conform to site policy.');
    drupal_set_message($message);
  }
  return $filename;
}
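
The munging loop above, as an added example that is not Drupal's own code: a Drupal-independent copy of the loop plus a caller-side check of the final extension, run over constructed filenames. The names munge_name() and check_upload(), the whitelist and the sample filenames are assumptions made for illustration.

```php
<?php
// Drupal-independent copy of the munging loop from upload_munge_filename().
// munge_name() and check_upload() are hypothetical names, not Drupal API.
function munge_name($filename, array $whitelist) {
  $parts = explode('.', $filename);
  $new_filename = array_shift($parts);   // basename
  $final_extension = array_pop($parts);  // NULL when the name has no dot
  foreach ($parts as $part) {
    $new_filename .= ".{$part}";
    // Same test as the page: inner part looks like an extension and is not allowed.
    if (!in_array($part, $whitelist) && preg_match('/^[a-zA-Z]{2,5}\d?$/', $part)) {
      $new_filename .= '_';
    }
  }
  return "{$new_filename}.{$final_extension}";
}

// Assumed caller-side check: the munging loop never tests the final
// extension, so the caller has to compare it with the whitelist itself.
function check_upload($filename, array $whitelist) {
  $munged = munge_name($filename, $whitelist);
  $dot = strrpos($munged, '.');
  $final = ($dot === FALSE) ? '' : strtolower(substr($munged, $dot + 1));
  return array(
    'munged' => $munged,
    'renamed' => $munged !== $filename,
    'final_allowed' => in_array($final, $whitelist, TRUE),
  );
}

// Constructed sample input.
$whitelist = array('jpg', 'png', 'txt', 'pdf');
$samples = array(
  'photo.jpg',          // single allowed extension
  'shell.php.jpg',      // disallowed inner extension
  'report.v2.1.pdf',    // inner parts that do not look like extensions
  'notes.TXT.png',      // whitelist match is case-sensitive
  'shell.php',          // disallowed final extension
  'README',             // no extension at all
);
foreach ($samples as $name) {
  $r = check_upload($name, $whitelist);
  printf("%-16s -> %-18s renamed=%s final_allowed=%s\n", $name, $r['munged'],
    var_export($r['renamed'], TRUE), var_export($r['final_allowed'], TRUE));
}
```

Only inner parts are rewritten: a disallowed final extension passes through unchanged and a name with no dot gains a trailing dot, so the final extension has to be validated separately from the munging step.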