Overview

Packages

  • application
    • commands
    • components
      • actions
      • filters
      • leftWidget
      • permissions
      • sortableWidget
      • util
      • webupdater
      • x2flow
        • actions
        • triggers
      • X2GridView
      • X2Settings
    • controllers
    • models
      • embedded
    • modules
      • accounts
        • controllers
        • models
      • actions
        • controllers
        • models
      • calendar
        • controllers
        • models
      • charts
        • models
      • contacts
        • controllers
        • models
      • docs
        • components
        • controllers
        • models
      • groups
        • controllers
        • models
      • marketing
        • components
        • controllers
        • models
      • media
        • controllers
        • models
      • mobile
        • components
      • opportunities
        • controllers
        • models
      • products
        • controllers
        • models
      • quotes
        • controllers
        • models
      • services
        • controllers
        • models
      • template
        • models
      • users
        • controllers
        • models
      • workflow
        • controllers
        • models
      • x2Leads
        • controllers
        • models
  • None
  • system
    • base
    • caching
    • console
    • db
      • ar
      • schema
    • validators
    • web
      • actions
      • auth
      • helpers
      • widgets
        • captcha
        • pagers
  • zii
    • widgets
      • grid

Classes

  • FileUploadsFilter
  • X2AjaxHandlerFilter
  • Overview
  • Package
  • Class
  • Tree

Class FileUploadsFilter

Checks uploaded files in the web request for invalid extensions.

Intended as a catch-all for attempted arbitrary file type uploads.

CComponent
Extended by CFilter implements IFilter
Extended by FileUploadsFilter
Package: application\components\filters
Author: Demitri Morgan <demitri@x2engine.com>
Located at x2engine/protected/components/filters/FileUploadsFilter.php
Methods summary
public
# checkFilename( array $filename )

Returns true if the file is safe to upload.

Returns true if the file is safe to upload.

Will use fileinfo if available for determining mime type of the uploaded file.

Parameters

$filename
array
$file
public
# checkFiles( array $inputs )
protected boolean
# preFilter( CFilterChain $filterChain )

Performs the pre-action filtering.

Performs the pre-action filtering.

Parameters

$filterChain
CFilterChain
$filterChain the filter chain that the filter is on.

Returns

boolean
whether the filtering process should continue and the action should be executed.

Overrides

CFilter::preFilter()
Methods inherited from CFilter
filter(), init(), postFilter()
Methods inherited from CComponent
__call(), __get(), __isset(), __set(), __unset(), asa(), attachBehavior(), attachBehaviors(), attachEventHandler(), canGetProperty(), canSetProperty(), detachBehavior(), detachBehaviors(), detachEventHandler(), disableBehavior(), disableBehaviors(), enableBehavior(), enableBehaviors(), evaluateExpression(), getEventHandlers(), hasEvent(), hasEventHandler(), hasProperty(), raiseEvent()
Constants summary
string EXT_BLACKLIST '/\.\s*(?P<ext>html|htm|js|jsb|mhtml|mht|xhtml|xht|php|pht|phtml|php3|php4|php5|phps|shtml|jhtml|pl|py|cgi|exe|scr|dll|msi|vbs|bat|com|pif|cmd|vxd|cpl|ini|conf|cnf|key|iv|htaccess)\b/i'
#

Regular expression for blacklisted files.

Regular expression for blacklisted files.

Does not match end of string to prevent circumvention via the methods described in OWASP's Unrestricted File Upload article:

https://www.owasp.org/index.php/Unrestricted_File_Upload#Using_Black-List_for_Files.E2.80.99_Extensions
X2CRM Documentation API documentation generated by ApiGen 2.8.0