--- a/web/common.php Wed Nov 27 13:23:08 2013 +0100
+++ b/web/common.php Wed Nov 27 16:36:10 2013 +0100
@@ -407,17 +407,6 @@
$realm = 'Polemictweet restricted area';
-/*function authenticate($users, $translate) {
- if (!isset($_SESSION['user_id']))
- {
- // Fetch current URL
- $this_url = $_SERVER['REQUEST_URI'];
-
- // Redirect to login page passing current URL
- header('Location: login.php?return_url=' . urlencode($this_url));
- exit;
- }
-}*/
function authenticate($users, $translate) {
@@ -485,3 +474,67 @@
return $needed_parts ? false : $data;
}
+
+/**
+ * Modifies a string to remove all non ASCII characters and spaces.
+ */
+function slugify($text)
+{
+ // replace non letter or digits by -
+ $text = preg_replace('~[^\\pL\d]+~u', '-', $text);
+
+ // trim
+ $text = trim($text, '-');
+
+ // transliterate
+ if (function_exists('iconv'))
+ {
+ $text = iconv('utf-8', 'us-ascii//TRANSLIT', $text);
+ }
+
+ // lowercase
+ $text = strtolower($text);
+
+ // remove unwanted characters
+ $text = preg_replace('~[^-\w]+~', '', $text);
+
+ if (empty($text))
+ {
+ return 'n-a';
+ }
+
+ return $text;
+}
+
+
+// from http://www.house6.com/blog/?p=83
+function sanitize_filename($f) {
+ // a combination of various methods
+ // we don't want to convert html entities, or do any url encoding
+ // we want to retain the "essence" of the original file name, if possible
+ // char replace table found at:
+ // http://www.php.net/manual/en/function.strtr.php#98669
+ $replace_chars = array(
+ 'Š'=>'S', 'š'=>'s', 'Ð'=>'Dj','Ž'=>'Z', 'ž'=>'z', 'À'=>'A', 'Á'=>'A', 'Â'=>'A', 'Ã'=>'A', 'Ä'=>'A',
+ 'Å'=>'A', 'Æ'=>'A', 'Ç'=>'C', 'È'=>'E', 'É'=>'E', 'Ê'=>'E', 'Ë'=>'E', 'Ì'=>'I', 'Í'=>'I', 'Î'=>'I',
+ 'Ï'=>'I', 'Ñ'=>'N', 'Ò'=>'O', 'Ó'=>'O', 'Ô'=>'O', 'Õ'=>'O', 'Ö'=>'O', 'Ø'=>'O', 'Ù'=>'U', 'Ú'=>'U',
+ 'Û'=>'U', 'Ü'=>'U', 'Ý'=>'Y', 'Þ'=>'B', 'ß'=>'Ss','à'=>'a', 'á'=>'a', 'â'=>'a', 'ã'=>'a', 'ä'=>'a',
+ 'å'=>'a', 'æ'=>'a', 'ç'=>'c', 'è'=>'e', 'é'=>'e', 'ê'=>'e', 'ë'=>'e', 'ì'=>'i', 'í'=>'i', 'î'=>'i',
+ 'ï'=>'i', 'ð'=>'o', 'ñ'=>'n', 'ò'=>'o', 'ó'=>'o', 'ô'=>'o', 'õ'=>'o', 'ö'=>'o', 'ø'=>'o', 'ù'=>'u',
+ 'ú'=>'u', 'û'=>'u', 'ý'=>'y', 'ý'=>'y', 'þ'=>'b', 'ÿ'=>'y', 'ƒ'=>'f'
+ );
+ $f = strtr($f, $replace_chars);
+ // convert & to "and", @ to "at", and # to "number"
+ $f = preg_replace(array('/[\&]/', '/[\@]/', '/[\#]/'), array('-and-', '-at-', '-number-'), $f);
+ $f = preg_replace('/[^(\x20-\x7F)]*/','', $f); // removes any special chars we missed
+ $f = str_replace(' ', '-', $f); // convert space to hyphen
+ $f = str_replace('\'', '', $f); // removes apostrophes
+ $f = preg_replace('/[^\w\-\.]+/', '', $f); // remove non-word chars (leaving hyphens and periods)
+ $f = preg_replace('/[\-]+/', '-', $f); // converts groups of hyphens into one
+ if (function_exists('iconv'))
+ {
+ $f = iconv('utf-8', 'us-ascii//TRANSLIT', $f);
+ }
+
+ return strtolower($f);
+}
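Review bot: `sanitize_filename` still lets a browser-supplied name collapse to a path component made only of dots — `.`, `..` or `...` pass every step unchanged, because the final character class on the `[^\w\-\.]+` line keeps periods and nothing rejects a dot-only result, so the callers in event_process.php can end up with `images/..` as a zip entry or config path. Likewise an input that is stripped entirely returns `''`, and a name such as `.htaccess` keeps its leading dot. After the hyphen-collapsing line add `$f = trim(preg_replace('/\.{2,}/', '.', $f), '.-');` and `if ($f === '') { return 'file'; }` so the result is always a non-empty single path segment. The trailing `iconv(...)` block is dead code here: the `[^(\x20-\x7F)]*` replacement has already removed every non-ASCII byte (the `(` and `)` inside that class are literal characters within the printable range and add nothing), so either drop the block or move it above the strip where it can still transliterate something.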
--- a/web/event_process.php Wed Nov 27 13:23:08 2013 +0100
+++ b/web/event_process.php Wed Nov 27 16:36:10 2013 +0100
@@ -34,43 +34,13 @@
$zip->addEmptyDir("$event_title/images");
foreach ($files as $key => $file_desc) {
if($file_desc['size']>0) {
- $zip->addFile($file_desc['tmp_name'], "$event_title/images/".$file_desc['name']);
+ $zip->addFile($file_desc['tmp_name'], "$event_title/images/".sanitize_filename($file_desc['name']));
}
}
return $zip->close();
}
-/**
- * Modifies a string to remove all non ASCII characters and spaces.
- */
-function slugify($text)
-{
- // replace non letter or digits by -
- $text = preg_replace('~[^\\pL\d]+~u', '-', $text);
-
- // trim
- $text = trim($text, '-');
-
- // transliterate
- if (function_exists('iconv'))
- {
- $text = iconv('utf-8', 'us-ascii//TRANSLIT', $text);
- }
-
- // lowercase
- $text = strtolower($text);
-
- // remove unwanted characters
- $text = preg_replace('~[^-\w]+~', '', $text);
-
- if (empty($text))
- {
- return 'n-a';
- }
-
- return $text;
-}
?>
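Review bot: The new entry name on the `$zip->addFile` line is used unchecked, so two uploads whose names differ only in characters `sanitize_filename` removes (e.g. `a b.png` and `a-b.png`) map to the same `"$event_title/images/…"` entry and silently collide, and a name the function reduces to `''` or to dots yields an entry of `"$event_title/images/"` or `"$event_title/images/.."`. The enclosing function starts outside this hunk, so I cannot see whether `$event_title` has been slugified by this point; the later hunk at `$config_values[$key] = "images/".sanitize_filename(basename($value['name']))` has the same exposure and must stay in step with this line, since the config path has to match the zip entry. One change that covers both is to derive the sanitized name once per `$key` (for instance in the loop that fills `$config_values`, falling back to `$key` when the result is empty and suffixing duplicates) and reuse that value here instead of calling `sanitize_filename` independently at each site. This hunk also passes `$file_desc['name']` without the `basename()` the later hunk applies; harmless because the function strips slashes, but the two call sites should read the same.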
@@ -150,7 +120,7 @@
}
foreach ($_FILES as $key => $value) {
- $config_values[$key] = "images/".basename($value['name']);
+ $config_values[$key] = "images/".sanitize_filename(basename($value['name']));
}
$event_title = slugify($config_values['title']);