mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
MINOR Documentation (from r106804)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112538 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
35a3d79e87
commit
122549ca60
@ -5,6 +5,10 @@
|
||||
* looks at the db object to gather information about a file such as URL
|
||||
* It then uses this for all processing functions (like image manipulation).
|
||||
*
|
||||
* Caution: It is recommended to disable any script execution in the "assets/"
|
||||
* directory in the webserver configuration, to reduce the risk of exploits.
|
||||
* See http://doc.silverstripe.org/secure-development#filesystem
|
||||
*
|
||||
* @package sapphire
|
||||
* @subpackage filesystem
|
||||
*/
|
||||
@ -44,8 +48,7 @@ class File extends DataObject {
|
||||
);
|
||||
|
||||
/**
|
||||
* @see Upload->allowedExtensions
|
||||
* @var array
|
||||
* @var array List of allowed file extensions, enforced through {@link validate()}.
|
||||
*/
|
||||
public static $allowed_extensions = array(
|
||||
'','html','htm','xhtml','js','css',
|
||||
@ -59,8 +62,8 @@ class File extends DataObject {
|
||||
);
|
||||
|
||||
/**
|
||||
* If this is true, then restrictions set in $allowed_max_file_size and
|
||||
* $allowed_extensions will be applied to users with admin privileges as
|
||||
* @var If this is true, then restrictions set in {@link $allowed_max_file_size} and
|
||||
* {@link $allowed_extensions} will be applied to users with admin privileges as
|
||||
* well.
|
||||
*/
|
||||
public static $apply_restrictions_to_admin = true;
|
||||
|
@ -5,6 +5,15 @@
|
||||
* and either creates a new or uses an existing File-object
|
||||
* for syncing with the database.
|
||||
*
|
||||
* <b>Validation</b>
|
||||
*
|
||||
* By default, a user can upload files without extension limitations,
|
||||
* which can be a security risk if the webserver is not properly secured.
|
||||
* Use {@link setAllowedExtensions()} to limit this list,
|
||||
* and ensure the "assets/" directory does not execute scripts
|
||||
* (see http://doc.silverstripe.org/secure-development#filesystem).
|
||||
* {@link File::$allowed_extensions} provides a good start for a list of "safe" extensions.
|
||||
*
|
||||
* @package sapphire
|
||||
* @subpackage filesystem
|
||||
*
|
||||
@ -409,7 +418,13 @@ class Upload_Validator {
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $rules
|
||||
* Limit allowed file extensions. Empty by default, allowing all extensions.
|
||||
* To allow files without an extension, use an empty string.
|
||||
* See {@link File::$allowed_extensions} to get a good standard set of
|
||||
* extensions that are typically not harmful in a webserver context.
|
||||
* See {@link setAllowedMaxFileSize()} to limit file size by extension.
|
||||
*
|
||||
* @param array $rules List of extensions
|
||||
*/
|
||||
public function setAllowedExtensions($rules) {
|
||||
if(!is_array($rules)) return false;
|
||||
@ -423,7 +438,7 @@ class Upload_Validator {
|
||||
/**
|
||||
* Determines if the bytesize of an uploaded
|
||||
* file is valid - can be defined on an
|
||||
* extension-by-extension basis in {$allowedMaxFileSize}
|
||||
* extension-by-extension basis in {@link $allowedMaxFileSize}
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user