upload_munge_filename

5 upload.module upload_munge_filename($filename, $extensions = NULL, $alerts = 1)

Munge the filename as needed for security purposes.

Parameters

$filename: The name of a file to modify.

$extensions: A space-separated list of valid extensions. If this is blank, we'll use the admin-defined defaults for the user's roles from upload_extensions_$rid.

$alerts: Whether alerts (watchdog, drupal_set_message()) should be displayed.

Return value

$filename: The potentially modified $filename.

1 call to upload_munge_filename()

File

modules/upload/upload.module, line 633
File-handling and attaching files to nodes.

Code

function upload_munge_filename($filename, $extensions = NULL, $alerts = 1) {
  global $user;

  $original = $filename;

  // Allow potentially insecure uploads for very savvy users and admin
  if (!variable_get('allow_insecure_uploads', 0)) {

    if (!isset($extensions)) {
      $extensions = '';
      foreach ($user->roles as $rid => $name) {
        $extensions .= ' ' . variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp'));
      }

    }

    $whitelist = array_unique(explode(' ', trim($extensions)));

    $filename_parts = explode('.', $filename);

    $new_filename = array_shift($filename_parts); // Remove file basename.
    $final_extension = array_pop($filename_parts); // Remove final extension.

    foreach ($filename_parts as $filename_part) {
      $new_filename .= ".$filename_part";
      if (!in_array($filename_part, $whitelist) && preg_match("/^[a-zA-Z]{2,5}\d?$/", $filename_part)) {
        $new_filename .= '_';
      }
    }
    $filename = "$new_filename.$final_extension";
  }

  if ($alerts && $original != $filename) {
    $message = t('Your filename has been renamed to conform to site policy.');
    drupal_set_message($message);
  }

  return $filename;
}
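
The munging loop above, run over a handful of filenames. This is an added example, not part of Drupal's code: munge_demo() is a hypothetical, Drupal-free copy of the loop that takes the extension list as an argument, and the allowed list and filenames are constructed samples. It shows that only the inner parts of a name are rewritten, that the whitelist match is case-sensitive, and that the final extension is never inspected here.

```php
<?php
// Added example: Drupal-free copy of the munging loop from the listing above.
// munge_demo() is a hypothetical name; $extensions is passed in explicitly
// instead of being read from variable_get() and the user's roles.
function munge_demo($filename, $extensions) {
  $whitelist = array_unique(explode(' ', trim($extensions)));
  $parts = explode('.', $filename);
  $new_filename = array_shift($parts);   // Basename.
  $final_extension = array_pop($parts);  // Last extension; not checked below.
  foreach ($parts as $part) {
    $new_filename .= ".$part";
    // An inner part that looks like an extension but is not allowed gets a
    // trailing underscore, so it no longer reads as that extension.
    if (!in_array($part, $whitelist) && preg_match('/^[a-zA-Z]{2,5}\d?$/', $part)) {
      $new_filename .= '_';
    }
  }
  return "$new_filename.$final_extension";
}

// Constructed sample input: filename => result expected with $allowed.
$allowed = 'jpg jpeg gif png txt doc pdf';
$cases = array(
  'photo.jpg'       => 'photo.jpg',        // Nothing between basename and extension.
  'shell.php.jpg'   => 'shell.php_.jpg',   // Disallowed inner extension is munged.
  'backup.php5.txt' => 'backup.php5_.txt', // The pattern allows one trailing digit.
  'notes.txt.doc'   => 'notes.txt.doc',    // Inner part is on the allowed list.
  'scan.JPG.png'    => 'scan.JPG_.png',    // in_array() is case-sensitive.
  'release.v2.pdf'  => 'release.v2.pdf',   // "v2" has fewer than two letters.
  'shell.php'       => 'shell.php',        // Final extension is left untouched.
  'README'          => 'README.',          // No dot: an empty extension is appended.
);

$failures = 0;
foreach ($cases as $in => $expected) {
  $out = munge_demo($in, $allowed);
  $ok = ($out === $expected);
  if (!$ok) {
    $failures++;
  }
  printf("%-16s -> %-18s %s\n", $in, $out, $ok ? 'ok' : "MISMATCH (expected $expected)");
}
exit($failures ? 1 : 0);
```

Because 'shell.php' passes through unchanged, the final extension has to be checked against the allowed list separately from this function.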