public allowedUpload ( string $originalFilename ) : boolean | ||
$originalFilename | string | |
return | boolean |
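/**
 * Decide from its name alone whether an uploaded file may be accepted.
 *
 * The name is rejected when it is empty, when it starts with a dot
 * (UNIX-hidden file), or when its lower-cased extension is not on the
 * configured allow-list. File contents are never inspected here, so a
 * true result only means "the name is acceptable"; it is not evidence
 * that the payload matches its extension.
 *
 * @param string $originalFilename Name of the uploaded file (presumably the
 *                                 client-supplied one; confirm against callers).
 *
 * @return boolean True when the name passes every check.
 *
 * @throws IOException When the file_uploads ini directive is not enabled.
 */
public function allowedUpload($originalFilename)
{
    // Check if file_uploads ini directive is true
    if (ini_get('file_uploads') != 1) {
        throw new IOException('File uploads are not allowed, check the file_uploads ini directive.');
    }

    // An empty or non-string name has no first character to inspect; reading
    // offset 0 would raise a warning, so such names are refused up front.
    if (!is_string($originalFilename) || $originalFilename === '') {
        return false;
    }

    // no UNIX-hidden files
    // NOTE(review): only the first character is examined. If a caller can pass
    // a value that still contains directory separators, a hidden basename is
    // not caught here. Confirm callers hand in a bare file name.
    if ($originalFilename[0] === '.') {
        return false;
    }

    // only whitelisted extensions
    // NOTE(review): which part of a multi-dot name counts as "the extension"
    // is decided by Lib::getExtension(), not visible here. Verify how names
    // with several extensions are treated.
    $extension = strtolower(Lib::getExtension($originalFilename));
    $allowedExtensions = $this->getAllowedUploadExtensions();

    // Strict comparison: with loose in_array() a non-string allow-list entry
    // (0, null, false) can match unrelated extensions through type juggling.
    return in_array($extension, $allowedExtensions, true);
}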
/**
 * allowedUpload() must refuse a dot-file and an ".exe" name, and accept
 * a ".jpg" name.
 */
public function testAllowedUpload()
{
    $permissions = new FilePermissions($this->getApp());

    // A leading dot marks a UNIX-hidden file.
    $dotFile = '.bashrc';
    $this->assertFalse($permissions->allowedUpload($dotFile));

    // An extension that is expected to be absent from the allow-list.
    $executableName = 'evil.exe';
    $this->assertFalse($permissions->allowedUpload($executableName));

    // An ordinary image name that is expected to be permitted.
    $imageName = 'mycoolimage.jpg';
    $this->assertTrue($permissions->allowedUpload($imageName));
}