アップロード不可能な拡張子を指定してファイルアップロードする
CodeIgniterのファイルアップロードクラスはアップロード可能な拡張子を指定することができるけど、逆にアップロード不可能な拡張子を指定できない。
そこでCI_Uploadクラスを拡張して、アップロード不可能な拡張子を指定できるようにしてみる。
MY_Upload.php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); class MY_Upload extends CI_Upload { public $disallowed_types = ""; // -------------------------------------------------------------------- /** * Initialize preferences * * @param array * @return void */ public function initialize($config = array()) { $defaults = array( 'max_size' => 0, 'max_width' => 0, 'max_height' => 0, 'max_filename' => 0, 'allowed_types' => "", 'disallowed_types' => "", 'file_temp' => "", 'file_name' => "", 'orig_name' => "", 'file_type' => "", 'file_size' => "", 'file_ext' => "", 'upload_path' => "", 'overwrite' => FALSE, 'encrypt_name' => FALSE, 'is_image' => FALSE, 'image_width' => '', 'image_height' => '', 'image_type' => '', 'image_size_str' => '', 'error_msg' => array(), 'mimes' => array(), 'remove_spaces' => TRUE, 'xss_clean' => FALSE, 'temp_prefix' => "temp_file_", 'client_name' => '' ); foreach ($defaults as $key => $val) { if (isset($config[$key])) { $method = 'set_'.$key; if (method_exists($this, $method)) { $this->$method($config[$key]); } else { $this->$key = $config[$key]; } } else { $this->$key = $val; } } // if a file_name was provided in the config, use it instead of the user input // supplied file name for all uploads until initialized again $this->_file_name_override = $this->file_name; } // -------------------------------------------------------------------- /** * Verify that the filetype is allowed * * @return bool */ public function is_allowed_filetype($ignore_mime = FALSE) { // if allowed file type list is not defined if (count($this->allowed_types) == 0 OR ! is_array($this->allowed_types)) { // if disallowed file type list is not defined if (count($this->disallowed_types) == 0 OR ! is_array($this->disallowed_types)) { return TRUE; } // check for disallowed file types and return // negated because is_disallowed_filetype returns opposite result as this function return ! $this->is_disallowed_filetype(); } // proceed as usual with allowed file type list check return parent::is_allowed_filetype($ignore_mime); } // -------------------------------------------------------------------- /** * Set Allowed File Types * * @param string * @return void */ public function set_disallowed_types($types) { if ( ! is_array($types) && $types == '*') { $this->disallowed_types = '*'; return; } $this->disallowed_types = explode('|', $types); } // -------------------------------------------------------------------- /** * Verify that the filetype is disallowed * * @return bool */ public function is_disallowed_filetype($ignore_mime = FALSE) { if ($this->disallowed_types == '*') { return TRUE; } if (count($this->disallowed_types) == 0 OR ! is_array($this->disallowed_types)) { return FALSE; } $ext = strtolower(ltrim($this->file_ext, '.')); if ( in_array($ext, $this->disallowed_types)) { return TRUE; } return FALSE; } }
以上のファイルとapplication/librariesに配置すればOK。
設定ファイルは以下のようにアップロード不可能な拡張子のみ記述するようにしておく。
<?php $config['upload_path'] = APPPATH . '../uploads/'; $config['disallowed_types'] = 'gif|jpg|png'; $config['max_size'] = '100'; $config['max_width'] = '1024'; $config['max_height'] = '768';
こんな感じっすかね?
