Révision b4adf10d
Ajouté par Assos Assos il y a plus de 9 ans
drupal7/includes/file.inc | ||
---|---|---|
1152 | 1152 |
// Remove any null bytes. See http://php.net/manual/security.filesystem.nullbytes.php |
1153 | 1153 |
$filename = str_replace(chr(0), '', $filename); |
1154 | 1154 |
|
1155 |
$whitelist = array_unique(explode(' ', trim($extensions)));
|
|
1155 |
$whitelist = array_unique(explode(' ', strtolower(trim($extensions))));
|
|
1156 | 1156 |
|
1157 | 1157 |
// Split the filename up by periods. The first part becomes the basename |
1158 | 1158 |
// the last part the final extension. |
... | ... | |
1165 | 1165 |
// of allowed extensions. |
1166 | 1166 |
foreach ($filename_parts as $filename_part) { |
1167 | 1167 |
$new_filename .= '.' . $filename_part; |
1168 |
if (!in_array($filename_part, $whitelist) && preg_match("/^[a-zA-Z]{2,5}\d?$/", $filename_part)) {
|
|
1168 |
if (!in_array(strtolower($filename_part), $whitelist) && preg_match("/^[a-zA-Z]{2,5}\d?$/", $filename_part)) {
|
|
1169 | 1169 |
$new_filename .= '_'; |
1170 | 1170 |
} |
1171 | 1171 |
} |
... | ... | |
1729 | 1729 |
/** |
1730 | 1730 |
* Checks that the file's size is below certain limits. |
1731 | 1731 |
* |
1732 |
* This check is not enforced for the user #1. |
|
1733 |
* |
|
1734 | 1732 |
* @param $file |
1735 | 1733 |
* A Drupal file object. |
1736 | 1734 |
* @param $file_limit |
... | ... | |
1748 | 1746 |
*/ |
1749 | 1747 |
function file_validate_size(stdClass $file, $file_limit = 0, $user_limit = 0) { |
1750 | 1748 |
global $user; |
1751 |
|
|
1752 | 1749 |
$errors = array(); |
1753 | 1750 |
|
1754 |
// Bypass validation for uid = 1. |
|
1755 |
if ($user->uid != 1) { |
|
1756 |
if ($file_limit && $file->filesize > $file_limit) { |
|
1757 |
$errors[] = t('The file is %filesize exceeding the maximum file size of %maxsize.', array('%filesize' => format_size($file->filesize), '%maxsize' => format_size($file_limit))); |
|
1758 |
} |
|
1751 |
if ($file_limit && $file->filesize > $file_limit) { |
|
1752 |
$errors[] = t('The file is %filesize exceeding the maximum file size of %maxsize.', array('%filesize' => format_size($file->filesize), '%maxsize' => format_size($file_limit))); |
|
1753 |
} |
|
1759 | 1754 |
|
1760 |
// Save a query by only calling file_space_used() when a limit is provided. |
|
1761 |
if ($user_limit && (file_space_used($user->uid) + $file->filesize) > $user_limit) { |
|
1762 |
$errors[] = t('The file is %filesize which would exceed your disk quota of %quota.', array('%filesize' => format_size($file->filesize), '%quota' => format_size($user_limit))); |
|
1763 |
} |
|
1755 |
// Save a query by only calling file_space_used() when a limit is provided. |
|
1756 |
if ($user_limit && (file_space_used($user->uid) + $file->filesize) > $user_limit) { |
|
1757 |
$errors[] = t('The file is %filesize which would exceed your disk quota of %quota.', array('%filesize' => format_size($file->filesize), '%quota' => format_size($user_limit))); |
|
1764 | 1758 |
} |
1759 |
|
|
1765 | 1760 |
return $errors; |
1766 | 1761 |
} |
1767 | 1762 |
|
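Review bot: The whitelist test on line 1168 (the row carrying `strtolower($filename_part)`, which I read as the new side) still calls `in_array()` without the strict flag, although this comparison decides whether an inner filename part is neutralised with a trailing underscore. I would write it as `if (!in_array(strtolower($filename_part), $whitelist, TRUE) && preg_match("/^[a-zA-Z]{2,5}\d?$/", $filename_part)) {`; for parts the regex accepts the outcome should be the same, but it takes PHP's loose string comparison out of an upload filter. `strtolower()` is locale-dependent on older PHP versions; as far as I can see a mismatch there only causes an allowed extension to be munged, so it fails closed. A short comment such as `// Extensions are matched case-insensitively; the regex accepts both cases.` would record the intent. The loop and the function's docblock begin outside the visible rows, so the `$extensions` parameter documentation could not be checked for a matching note.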
Update to 7.33