function _services_file_check_name_extension in Services 7.3
Sanitizes a user-input file name and extension.
Parameters
string $name: The file name and extension.
Return value
string A safe file name and extension.
2 calls to _services_file_check_name_extension()
- _file_resource_create_raw in resources/
file_resource.inc - Adds new files and returns the files array.
- _services_file_check_destination in resources/
file_resource.inc - Sanitizes a user-input file path, name and extension.
File
- resources/
file_resource.inc, line 460 - File resource.
Code
function _services_file_check_name_extension($name) {
//Fetch the file extensions set in the variable at the time module is enabled
$extensions = variable_get('services_allowed_extensions', SERVICES_ALLOWED_EXTENSIONS);
// Get the part of the name after the last period (".").
$name = explode('.', $name);
$last = array_pop($name);
// Make it lowercase for consistency as much as security.
$extension = strtolower($last);
// Is this a whitelisted extension?
if (!in_array($extension, explode(' ', $extensions))) {
// No. Restore it to the name and use the default extension, 'txt'.
$name[] = $last;
$extension = 'txt';
}
// Sanitize the name, apart from the extension.
$name = _services_file_check_name(implode('.', $name));
// Is there still a valid name?
if (0 === strlen($name)) {
// No. Use the default file name of 'file'.
$name = 'file';
}
// Munge the non-whitelisted secondary file extensions.
return file_munge_filename("{$name}.{$extension}", $extensions);
}