I'm using do_upload() function in CI3, to rename & upload a file. The file name contains '&' character. When i upload a file and save it, the '&' character from file name is getting remove. Below is the code -
// Upload File Name : ***Heavy & Light Vehicles.csv***
// File post parameter : *im_file*
$config['file_name'] = $saved_file_name = uniqid() . '_' . $_FILES['im_file']['name'];
$config['allowed_types'] = 'csv';
$config['overwrite'] = TRUE;
$this->load->library('upload');
$this->upload->initialize($config);
if (!$this->upload->do_upload('im_file')) {
$error = array('error' => $this->upload->display_errors());
$im_file = "";
exit();
} else {
$filedata = array('upload_data' => $this->upload->data());
print_r($filedata);
}
The array printed as below -
[upload_data] => Array
(
[file_name] => 65e5c1262de2d_Heavy_Light_Vehicles.csv
[file_type] => text/plain
[file_path] => D:/wamp/www/project_folder/uploads/import_file/vehicles/
[full_path] => D:/wamp/www/project_folder/uploads/import_file/vehicles/65e5c1262de2d_Heavy_Light_Vehicles.csv
[raw_name] => 65e5c1262de2d_Heavy_Light_Vehicles.csv
[orig_name] => 65e5c1262de2d_Heavy_Light_Vehicles.csv
[client_name] => Heavy & Light Vehicles.csv
[file_ext] => .csv
[file_size] => 99.2
[is_image] =>
[image_width] =>
[image_height] =>
[image_type] =>
[image_size_str] =>
)
In above printed 'file upload' array, the '&' character from file name got removed while saving it. Expected file name after save should be 65e5c1262de2d_Heavy_&_Light_Vehicles.csv. Please suggest if there is any solution to keep file name '&' character as it is.
The do_upload
method uses the sanitize_filename
method in the CI_Security
class to remove all characters from the filename that are listed in the public $filename_bad_chars
array in that same class.
To keep the &
, you could extend the CI_Security
class, and override the public $filename_bad_chars
array with the a copy of the original array that has the &
removed.
If you name the class MY_Security.php
and save it in the application/core
folder, CodeIgniter will automatically use this new class:
<?php
class MY_Security extends CI_Security
{
/**
* List of sanitize filename strings
*
* @var array
*/
public $filename_bad_chars = array(
'../', '<!--', '-->', '<', '>',
"'", '"', '$', '#',
'{', '}', '[', ']', '=',
';', '?', '%20', '%22',
'%3c', // <
'%253c', // <
'%3e', // >
'%0e', // >
'%28', // (
'%29', // )
'%2528', // (
'%26', // &
'%24', // $
'%3f', // ?
'%3b', // ;
'%3d' // =
);
public function __construct()
{
parent::__construct();
}
}
See also: https://codeigniter.com/userguide3/general/core_classes.html#extending-core-class