Reputation: 3111
Using sanitize_filename() during File Upload in Codeigniter
I've been looking into securing my files that are uploaded to my server.
I came across $this->security->sanitize_filename() in the documentation but I can't figure out how to use it for file names during file upload. I don't want someone to name a file something malicious like Something<?php exit;?>.jpg or something with slashes that could mess with url paths.
Does the file upload class in Codeigniter automatically use sanitize_filename? If not, how can I use it?
Do I need to do something with $_FILES first, then use sanitize_filename, then pass it to file_name in the upload config? How can I access the file name from $_FILES?
Upvotes: 1
Views: 5466
Answers (3)
Reputation: 3213
You can use Security Helper for this.
encode_php_tags() to make php tags to html entities.
Upvotes: 1
Reputation: 11
just add this config to your upload configs
.
.
$config['encrypt_name'] = TRUE
.
.
$this->load->library('upload', $config); // Or $this->upload->initialize($config); if you already loaded the upload library
check the codeigniter user guide: http://codeigniter.com/user_guide/libraries/file_uploading.html
This config encrypt the filename.
Upvotes: 0
Reputation: 3111
I just added this to my file upload config.
$filename = $this->security->sanitize_filename($this->input->post('file'));
$config['file_name'] = $filename;
Upvotes: 3
Related Questions
- string sanitizer for filename
- How to insert filename in database using codeigniter upload lib
- PHP: How to sanitize uploaded filenames?
- File name not grabbed when using CodeIgniter upload library
- Codeigniter upload issue: file_name doesn't work fine
- Avoid replacing of space in filename with underscore while uploading
- Codeigniter failed to upload and can't get file_name
- Codeigniter upload file and save name with special caracters
- File rename in codeigniter?
- Check the file name in CodeIgniter file upload function