function _services_file_check_name_extension in Services 7.3

Sanitizes a user-input file name and extension.

Parameters

string $name: The file name and extension.

Return value

string A safe file name and extension.

2 calls to _services_file_check_name_extension()

_file_resource_create_raw in resources/file_resource.inc: Adds new files and returns the files array.
_services_file_check_destination in resources/file_resource.inc: Sanitizes a user-input file path, name and extension.

File

resources/file_resource.inc, line 460: File resource.

Code

function _services_file_check_name_extension($name) {

  //Fetch the file extensions set in the variable at the time module is enabled
  $extensions = variable_get('services_allowed_extensions', SERVICES_ALLOWED_EXTENSIONS);

  // Get the part of the name after the last period (".").
  $name = explode('.', $name);
  $last = array_pop($name);

  // Make it lowercase for consistency as much as security.
  $extension = strtolower($last);

  // Is this a whitelisted extension?
  if (!in_array($extension, explode(' ', $extensions))) {

    // No.  Restore it to the name and use the default extension, 'txt'.
    $name[] = $last;
    $extension = 'txt';
  }

  // Sanitize the name, apart from the extension.
  $name = _services_file_check_name(implode('.', $name));

  // Is there still a valid name?
  if (0 === strlen($name)) {

    // No. Use the default file name of 'file'.
    $name = 'file';
  }

  // Munge the non-whitelisted secondary file extensions.
  return file_munge_filename("{$name}.{$extension}", $extensions);
}

You are here

function _services_file_check_name_extension in Services 7.3

Parameters

Return value

File

Code

API Navigation