2018-10-07 03:36:19 -05:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
|
|
// FILENAME --> SAFE_FILENAME_STRING
|
|
|
|
// Sanitize a filename by replacing common suspicious characters with "_".
|
|
|
|
function sanitize_filename($filename)
|
|
|
|
{
|
|
|
|
$death_characters = array(" ", ",", "/", "\\", "%", "$", "^");
|
2018-11-10 13:57:13 -06:00
|
|
|
$death_filetypes = array(".php", ".sh", ".lisp", ".cl", ".cgi", ".pl");
|
2018-10-07 03:36:19 -05:00
|
|
|
|
|
|
|
$sanitized_filename = str_replace($death_characters, "_", $filename);
|
2018-11-10 13:57:13 -06:00
|
|
|
$sanitized_filename = str_replace($death_filetypes, ".inv",
|
|
|
|
$sanitized_filename);
|
2018-10-07 03:36:19 -05:00
|
|
|
|
|
|
|
return $sanitized_filename;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// IMAGE_PATH --> IMAGE_PATH
|
|
|
|
// Sanitize an image (EXIF, etc) with external program from config.php
|
|
|
|
function sanitize_image($path)
|
|
|
|
{
|
|
|
|
exec($image_sanitize_command . $image_sanitize_args . $path, $result);
|
|
|
|
|
|
|
|
return $path;
|
|
|
|
}
|
|
|
|
|
|
|
|
?>
|