Part-DB.Part-DB-server/src/Helpers/FilenameSanatizer.php

<?php
/*
 * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
 *
 *  Copyright (C) 2019 - 2024 Jan Böhmer (https://github.com/jbtronics)
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as published
 *  by the Free Software Foundation, either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);


namespace App\Helpers;

/**
 * This class provides functions to sanitize filenames.
 */
class FilenameSanatizer
{
    /**
     * Converts a given filename to a version, which is guaranteed to be safe to use on all filesystems.
     * This function is adapted from https://stackoverflow.com/a/42058764/21879970
     * @param  string  $filename
     * @return string
     */
    public static function sanitizeFilename(string $filename): string
    {
        $filename = preg_replace(
            '~
        [<>:"/\\\|?*]|            # file system reserved https://en.wikipedia.org/wiki/Filename#Reserved_characters_and_words
        [\x00-\x1F]|             # control characters http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx
        [\x7F\xA0\xAD]|          # non-printing characters DEL, NO-BREAK SPACE, SOFT HYPHEN
        [#\[\]@!$&\'()+,;=]|     # URI reserved https://www.rfc-editor.org/rfc/rfc3986#section-2.2
        [{}^\~`]                 # URL unsafe characters https://www.ietf.org/rfc/rfc1738.txt
        ~x',
            '-', $filename);

        // avoids ".", ".." or ".hiddenFiles"
        $filename = ltrim($filename, '.-');
        //Limit filename length to 255 bytes
        $ext = pathinfo($filename, PATHINFO_EXTENSION);
        $filename = mb_strcut(pathinfo($filename, PATHINFO_FILENAME), 0, 255 - ($ext ? strlen($ext) + 1 : 0), mb_detect_encoding($filename)) . ($ext ? '.' . $ext : '');
        return $filename;
    }
}
Fixed export of entities, if their name contained slash or other reserved charcters 2024-01-29 21:25:30 +01:00			`<?php`
			`/*`
			`* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).`
			`*`
			`* Copyright (C) 2019 - 2024 Jan Böhmer (https://github.com/jbtronics)`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as published`
			`* by the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
			`*/`

			`declare(strict_types=1);`


			`namespace App\Helpers;`

			`/**`
			`* This class provides functions to sanitize filenames.`
			`*/`
			`class FilenameSanatizer`
			`{`
			`/**`
			`* Converts a given filename to a version, which is guaranteed to be safe to use on all filesystems.`
			`* This function is adapted from https://stackoverflow.com/a/42058764/21879970`
			`* @param string $filename`
			`* @return string`
			`*/`
			`public static function sanitizeFilename(string $filename): string`
			`{`
			`$filename = preg_replace(`
			`'~`
			`[<>:"/\\\\|?*]\| # file system reserved https://en.wikipedia.org/wiki/Filename#Reserved_characters_and_words`
			`[\x00-\x1F]\| # control characters http://msdn.microsoft.com/en-us/library/windows/desktop/aa365247%28v=vs.85%29.aspx`
			`[\x7F\xA0\xAD]\| # non-printing characters DEL, NO-BREAK SPACE, SOFT HYPHEN`
			`[#\[\]@!$&\'()+,;=]\| # URI reserved https://www.rfc-editor.org/rfc/rfc3986#section-2.2`
			[{}^\~`] # URL unsafe characters https://www.ietf.org/rfc/rfc1738.txt
			`~x',`
			`'-', $filename);`

			`// avoids ".", ".." or ".hiddenFiles"`
			`$filename = ltrim($filename, '.-');`
			`//Limit filename length to 255 bytes`
			`$ext = pathinfo($filename, PATHINFO_EXTENSION);`
			`$filename = mb_strcut(pathinfo($filename, PATHINFO_FILENAME), 0, 255 - ($ext ? strlen($ext) + 1 : 0), mb_detect_encoding($filename)) . ($ext ? '.' . $ext : '');`
			`return $filename;`
			`}`
			`}`