XpressEngine Core  1.11.2
 All Classes Namespaces Files Functions Variables Pages
Static Public Member Functions | Static Protected Member Functions | List of all members
UploadFileFilter Class Reference

Static Public Member Functions

static check ($file, $filename=null)
 

Static Protected Member Functions

static _checkSVG ($fp, $from, $to)
 
static _checkXML ($fp, $from, $to)
 
static _checkHTML ($fp, $from, $to)
 
static _matchStream ($regexp, $fp, $from, $to, $block_size=16384, $overlap_size=1024)
 

Detailed Description

Definition at line 6 of file UploadFileFilter.class.php.

Member Function Documentation

static UploadFileFilter::_checkHTML (   $fp,
  $from,
  $to 
)
staticprotected

Check HTML file for PHP code, server-side includes, and other nastiness.

Parameters
resource$fp
int$from
int$to
Returns
bool

Definition at line 111 of file UploadFileFilter.class.php.

static UploadFileFilter::_checkSVG (   $fp,
  $from,
  $to 
)
staticprotected

Check SVG file for XSS or SSRF vulnerabilities (#1088, #1089)

Parameters
resource$fp
int$from
int$to
Returns
bool

Definition at line 71 of file UploadFileFilter.class.php.

static UploadFileFilter::_checkXML (   $fp,
  $from,
  $to 
)
staticprotected

Check XML file for external entity inclusion.

Parameters
resource$fp
int$from
int$to
Returns
bool

Definition at line 93 of file UploadFileFilter.class.php.

static UploadFileFilter::_matchStream (   $regexp,
  $fp,
  $from,
  $to,
  $block_size = 16384,
  $overlap_size = 1024 
)
staticprotected

Match a stream against a regular expression.

This method is useful when dealing with large files, because we don't need to load the entire file into memory. We allow a generous overlap in case the matching string occurs across a block boundary.

Parameters
string$regexp
resource$fp
int$from
int$to
int$block_size(optional)
int$overlap_size(optional)
Returns
bool

Definition at line 137 of file UploadFileFilter.class.php.

static UploadFileFilter::check (   $file,
  $filename = null 
)
static

Generic checker

Parameters
string$file
string$filename
Returns
bool

Definition at line 15 of file UploadFileFilter.class.php.


The documentation for this class was generated from the following file: