From b61c918e05124ddb0bb3102a626ca913a0ab4f3a Mon Sep 17 00:00:00 2001 From: polo Date: Thu, 19 Jun 2025 02:53:01 +0200 Subject: =?UTF-8?q?upload=20image=20=C3=A9diteur:=20nom=20d'origine=20+=20?= =?UTF-8?q?uniqid=20+=20extension=20d'origine=20dans=20une=20liste=20autor?= =?UTF-8?q?is=C3=A9e?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/controller/Security.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'src/controller/Security.php') diff --git a/src/controller/Security.php b/src/controller/Security.php index 7d592e9..cd31cb8 100644 --- a/src/controller/Security.php +++ b/src/controller/Security.php @@ -59,11 +59,15 @@ class Security // => on remplace tout par des _ // filtrer / et \ semble inutile - $cibles = [' ', '/', '\\', ':', '*', '?', '<', '>', '|', '=', "'", '`', '"', '%22', '#']; + /*$cibles = [' ', '/', '\\', ':', '*', '?', '<', '>', '|', '=', "'", '`', '"', '%22', '#']; $chaine = str_replace($cibles, '_', $chaine); // nécéssite l'extension mbstring $chaine = mb_strtolower($chaine); - return($chaine); - + return($chaine);*/ + + $chaine = preg_replace('/[^a-zA-Z0-9_-]/', '_', $chaine); // ne garder que les lettres, chiffres, tirets et underscores + $chaine = preg_replace('/_+/', '_', $chaine); // doublons d'underscores + return trim($chaine, '_'); + // les problèmes avec \ persistent !! // => javascript // malheureusement document.getElementById('upload').files[0].name = chaine; ne marche pas! interdit! -- cgit v1.2.3
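Review bot: The new return path in this hunk, `return trim($chaine, '_');`, can hand back an empty string (a name made only of characters outside `[a-zA-Z0-9_-]`, for example a fully non-ASCII one) or a name that still begins with `-`, and it puts no cap on length. I would bound and trim both characters, `$chaine = trim(substr($chaine, 0, 100), '_-');` (100 is an illustrative limit), and return a fixed default name when `$chaine === ''`. Because `.` is now replaced as well, this is only safe if the caller splits off and allowlists the extension before calling; the commit title suggests that, but this hunk does not show it. The old implementation kept inside `/* … */` and the comments about `\` after the `return` no longer describe the code and would be better deleted. The function's signature and closing brace are outside the hunk.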