search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ongoing new datepicker project
[openemr.git] / library / sanitize.inc.php
blob73727697e9e275090ee5eba1751a0ef838a27def
1 <?php
2 /**
3 * Function to check and/or sanitize things for security such as
4 * directories names, file names, etc.
5 *
6 * Copyright (C) 2012 by following Brady Miller <brady.g.miller@gmail.com>
7 *
8 * LICENSE: This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version 3
11 * of the License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see <http://opensource.org/licenses/gpl-license.php>;.
18 *
19 * @package OpenEMR
20 * @author Brady Miller <brady.g.miller@gmail.com>
21 * @author Roberto Vasquez <robertogagliotta@gmail.com>
22 * @author Shachar Zilbershlag <shaharzi@matrix.co.il>
23 * @link http://www.open-emr.org
24 */
25 // If the label contains any illegal characters, then the script will die.
26 function check_file_dir_name($label) {
27 if (empty($label) || preg_match('/[^A-Za-z0-9_.-]/', $label))
28 die(xlt("ERROR: The following variable contains invalid characters").": ". attr($label));
29 }
30
31 // Convert all illegal characters to _
32 function convert_safe_file_dir_name($label) {
33 return preg_replace('/[^A-Za-z0-9_.-]/','_',$label);
34 }
35
36 //Basename functionality for nonenglish languages (without this, basename function ommits nonenglish characters).
37 function basename_international($path){
38 $parts = preg_split('~[\\\\/]~', $path);
39 foreach ($parts as $key => $value){
40 $encoded = urlencode($value);
41 $parts[$key] = $encoded;
42 }
43 $encoded_path = implode("/", $parts);
44 $encoded_file_name = basename($encoded_path);
45 $decoded_file_name = urldecode($encoded_file_name);
46
47 return $decoded_file_name;
48 }
49
50
51 /**
52 * This function detects a MIME type for a file and check if it in the white list of the allowed mime types.
53 * @param string $file - file location.
54 * @param array|null $whiteList - array of mime types that allowed to upload.
55 */
56 // Regarding the variable below. In the case of multiple file upload the isWhiteList function will run multiple
57 // times, therefore, storing the white list in the variable below to prevent multiple requests from database.
58 $white_list = null;
59 function isWhiteFile($file){
60 global $white_list;
61 if(is_null($white_list)){
62 $white_list = array();
63 $lres = sqlStatement("SELECT option_id FROM list_options WHERE list_id = 'files_white_list' AND activity = 1");
64 while ($lrow = sqlFetchArray($lres)) {
65 $white_list[] = $lrow['option_id'];
66 }
67 }
68
69 $mimetype = mime_content_type($file);
70 if(in_array($mimetype, $white_list)){
71 return true;
72 } else {
73 $splitMimeType = explode('/', $mimetype);
74 $categoryType = $splitMimeType[0];
75 if(in_array($categoryType. '/*', $white_list))return true;
76 }
77 return false;
78 }
79
80 ?>
Mirror of official OpenEMR Sourceforge repository