phpcodeigniter-3

do_upload() function removes the '&' character from file name in Codeigniter 3


I'm using do_upload() function in CI3, to rename & upload a file. The file name contains '&' character. When i upload a file and save it, the '&' character from file name is getting remove. Below is the code -

// Upload File Name : ***Heavy & Light Vehicles.csv***

// File post parameter : *im_file*


    $config['file_name'] = $saved_file_name = uniqid() . '_' . $_FILES['im_file']['name'];
    $config['allowed_types'] = 'csv';
    $config['overwrite'] = TRUE;
    $this->load->library('upload');
    $this->upload->initialize($config);
    if (!$this->upload->do_upload('im_file')) {
         $error = array('error' => $this->upload->display_errors());
         $im_file = "";
         exit();
    } else {
         $filedata = array('upload_data' => $this->upload->data());
         print_r($filedata);
    }

The array printed as below -

[upload_data] => Array
        (
            [file_name] => 65e5c1262de2d_Heavy_Light_Vehicles.csv
            [file_type] => text/plain
            [file_path] => D:/wamp/www/project_folder/uploads/import_file/vehicles/
            [full_path] => D:/wamp/www/project_folder/uploads/import_file/vehicles/65e5c1262de2d_Heavy_Light_Vehicles.csv
            [raw_name] => 65e5c1262de2d_Heavy_Light_Vehicles.csv
            [orig_name] => 65e5c1262de2d_Heavy_Light_Vehicles.csv
            [client_name] => Heavy & Light Vehicles.csv
            [file_ext] => .csv
            [file_size] => 99.2
            [is_image] => 
            [image_width] => 
            [image_height] => 
            [image_type] => 
            [image_size_str] => 
        )

In above printed 'file upload' array, the '&' character from file name got removed while saving it. Expected file name after save should be 65e5c1262de2d_Heavy_&_Light_Vehicles.csv. Please suggest if there is any solution to keep file name '&' character as it is.


Solution

  • The do_upload method uses the sanitize_filename method in the CI_Security class to remove all characters from the filename that are listed in the public $filename_bad_chars array in that same class.

    To keep the &, you could extend the CI_Security class, and override the public $filename_bad_chars array with the a copy of the original array that has the & removed.

    If you name the class MY_Security.php and save it in the application/core folder, CodeIgniter will automatically use this new class:

    <?php
    
    class MY_Security extends CI_Security
    {
    
        /**
         * List of sanitize filename strings
         *
         * @var array
         */
        public $filename_bad_chars =    array(
            '../', '<!--', '-->', '<', '>',
            "'", '"', '$', '#',
            '{', '}', '[', ']', '=',
            ';', '?', '%20', '%22',
            '%3c',        // <
            '%253c',    // <
            '%3e',        // >
            '%0e',        // >
            '%28',        // (
            '%29',        // )
            '%2528',    // (
            '%26',        // &
            '%24',        // $
            '%3f',        // ?
            '%3b',        // ;
            '%3d'        // =
        );
    
        public function __construct()
        {
            parent::__construct();
        }
    }
    

    See also: https://codeigniter.com/userguide3/general/core_classes.html#extending-core-class