phpcodeigniter-3

do_upload() function removes the '&' character from file name in Codeigniter 3

I'm using do_upload() function in CI3, to rename & upload a file. The file name contains '&' character. When i upload a file and save it, the '&' character from file name is getting remove. Below is the code -

// Upload File Name : ***Heavy & Light Vehicles.csv***

// File post parameter : *im_file*


    $config['file_name'] = $saved_file_name = uniqid() . '_' . $_FILES['im_file']['name'];
    $config['allowed_types'] = 'csv';
    $config['overwrite'] = TRUE;
    $this->load->library('upload');
    $this->upload->initialize($config);
    if (!$this->upload->do_upload('im_file')) {
         $error = array('error' => $this->upload->display_errors());
         $im_file = "";
         exit();
    } else {
         $filedata = array('upload_data' => $this->upload->data());
         print_r($filedata);
    }

The array printed as below -

[upload_data] => Array
        (
            [file_name] => 65e5c1262de2d_Heavy_Light_Vehicles.csv
            [file_type] => text/plain
            [file_path] => D:/wamp/www/project_folder/uploads/import_file/vehicles/
            [full_path] => D:/wamp/www/project_folder/uploads/import_file/vehicles/65e5c1262de2d_Heavy_Light_Vehicles.csv
            [raw_name] => 65e5c1262de2d_Heavy_Light_Vehicles.csv
            [orig_name] => 65e5c1262de2d_Heavy_Light_Vehicles.csv
            [client_name] => Heavy & Light Vehicles.csv
            [file_ext] => .csv
            [file_size] => 99.2
            [is_image] => 
            [image_width] => 
            [image_height] => 
            [image_type] => 
            [image_size_str] => 
        )

In above printed 'file upload' array, the '&' character from file name got removed while saving it. Expected file name after save should be 65e5c1262de2d_Heavy_&_Light_Vehicles.csv. Please suggest if there is any solution to keep file name '&' character as it is.

Solution

  • The do_upload method uses the sanitize_filename method in the CI_Security class to remove all characters from the filename that are listed in the public $filename_bad_chars array in that same class.

    To keep the &, you could extend the CI_Security class, and override the public $filename_bad_chars array with the a copy of the original array that has the & removed.

    If you name the class MY_Security.php and save it in the application/core folder, CodeIgniter will automatically use this new class:

    <?php

class MY_Security extends CI_Security
{

    /**
     * List of sanitize filename strings
     *
     * @var array
     */
    public $filename_bad_chars =    array(
        '../', '<!--', '-->', '<', '>',
        "'", '"', '$', '#',
        '{', '}', '[', ']', '=',
        ';', '?', '%20', '%22',
        '%3c',        // <
        '%253c',    // <
        '%3e',        // >
        '%0e',        // >
        '%28',        // (
        '%29',        // )
        '%2528',    // (
        '%26',        // &
        '%24',        // $
        '%3f',        // ?
        '%3b',        // ;
        '%3d'        // =
    );

    public function __construct()
    {
        parent::__construct();
    }
}

    See also: https://codeigniter.com/userguide3/general/core_classes.html#extending-core-class