upload_munge_filename
Definition
upload_munge_filename($filename, $extensions = NULL, $alerts = 1)
modules/upload/upload.module, line 632
Description
Munge the filename as needed for security purposes.
Parameters
$filename The name of a file to modify.
$extensions A space separated list of valid extensions. If this is blank, we'll use the admin-defined defaults for the user role from upload_extensions_$rid.
$alerts Whether alerts (watchdog, drupal_set_message()) should be displayed.
Return value
$filename The potentially modified $filename.
Code
<?php
function upload_munge_filename($filename, $extensions = NULL, $alerts = 1) {
global $user;
$original = $filename;
// Allow potentially insecure uploads for very savvy users and admin
if (!variable_get('allow_insecure_uploads', 0)) {
if (!isset($extensions)) {
$extensions = '';
foreach ($user->roles as $rid => $name) {
$extensions .= ' '. variable_get("upload_extensions_$rid", variable_get('upload_extensions_default', 'jpg jpeg gif png txt doc xls pdf ppt pps odt ods odp'));
}
}
$whitelist = array_unique(explode(' ', trim($extensions)));
$filename_parts = explode('.', $filename);
$new_filename = array_shift($filename_parts); // Remove file basename.
$final_extension = array_pop($filename_parts); // Remove final extension.
foreach ($filename_parts as $filename_part) {
$new_filename .= ".$filename_part";
if (!in_array($filename_part, $whitelist) && preg_match("/^[a-zA-Z]{2,5}\d?$/", $filename_part)) {
$new_filename .= '_';
}
}
$filename = "$new_filename.$final_extension";
}
if ($alerts && $original != $filename) {
$message = t('Your filename has been renamed to conform to site policy.');
drupal_set_message($message);
}
return $filename;
}
?>