insert-coin/res/library/sanitization.php

<?php

// FILENAME --> SAFE_FILENAME_STRING
//	Sanitize a filename by replacing common suspicious characters with "_".
function sanitize_filename($filename)
{
	$death_characters = array(" ", ",", "<", ">", "/", "\\", "\"", "\'",
				"%", "$", "^");
	$death_filetypes = array(".php", ".sh", ".lisp", ".cl", ".cgi", ".pl");

	$sanitized_filename = str_replace($death_characters, "_", $filename);
	$sanitized_filename = str_replace($death_filetypes, ".inv",
						$sanitized_filename);

	return $sanitized_filename;
}


// IMAGE_PATH --> IMAGE_PATH
//	Sanitize an image (EXIF, etc) with external program from config.php
function sanitize_image($path)
{
	exec($GLOBALS['image_sanitize_command'] . ' '
		. $GLOBALS['image_sanitize_args'] . ' '
		. $path, $result);

	return $path;
}

?>
Split insert-coin.php into multiple files. 2018-10-07 03:36:19 -05:00			`<?php`

			`// FILENAME --> SAFE_FILENAME_STRING`
			`// Sanitize a filename by replacing common suspicious characters with "_".`
			`function sanitize_filename($filename)`
			`{`
More chars to death_list 2018-11-12 07:50:25 -06:00			`$death_characters = array(" ", ",", "<", ">", "/", "\\", "\"", "\'",`
			`"%", "$", "^");`
Blocking of common executable filetypes 2018-11-10 13:57:13 -06:00			`$death_filetypes = array(".php", ".sh", ".lisp", ".cl", ".cgi", ".pl");`
Split insert-coin.php into multiple files. 2018-10-07 03:36:19 -05:00
			`$sanitized_filename = str_replace($death_characters, "_", $filename);`
Blocking of common executable filetypes 2018-11-10 13:57:13 -06:00			`$sanitized_filename = str_replace($death_filetypes, ".inv",`
			`$sanitized_filename);`
Split insert-coin.php into multiple files. 2018-10-07 03:36:19 -05:00
			`return $sanitized_filename;`
			`}`



			`// IMAGE_PATH --> IMAGE_PATH`
			`// Sanitize an image (EXIF, etc) with external program from config.php`
			`function sanitize_image($path)`
			`{`
Pad EXIF program string 2019-01-27 00:13:49 -06:00			`exec($GLOBALS['image_sanitize_command'] . ' '`
			`. $GLOBALS['image_sanitize_args'] . ' '`
			`. $path, $result);`
Split insert-coin.php into multiple files. 2018-10-07 03:36:19 -05:00
			`return $path;`
			`}`

			`?>`