//Is the file type allowed to be uploaded?
if(!$this->is_allowed_filetype()){
$this->set_error("upload_invalid_filetype");
return FALSE;
}
//If we're overriding, let's now make sure the new name and type is allowed.
//Check if a filename was supplied for the current file. Otherwise, use it's given name.
if(!empty($this->_multi_file_name_override[$i])){
$this->file_name = $this->_prep_filename($this->_multi_file_name_override[$i]);
//If no extension was provided in the file_name config item, use the uploaded one.
if(strpos($this->_multi_file_name_override[$i], ".") === FALSE){
$this->file_name .= $this->file_ext;
//An extension was provided, lets have it!
} else {
$this->file_ext = $this->get_extension($this->_multi_file_name_override[$i]);
}
if(!$this->is_allowed_filetype(TRUE)){
$this->set_error("upload_invalid_filetype");
return FALSE;
}
}
//Convert the file size to kilobytes.
if($this->file_size > 0){
$this->file_size = round($this->file_size/1024, 2);
}
//Is the file size within the allowed maximum?
if(!$this->is_allowed_filesize()){
$this->set_error("upload_invalid_filesize");
return FALSE;
}
//Are the image dimensions within the allowed size?
//Note: This can fail if the server has an open_basdir restriction.
if(!$this->is_allowed_dimensions()){
$this->set_error("upload_invalid_dimensions");
return FALSE;
}
//Sanitize the file name for security.
$this->file_name = $this->clean_file_name($this->file_name);
//Truncate the file name if it's too long
if($this->max_filename > 0){
$this->file_name = $this->limit_filename_length($this->file_name, $this->max_filename);
}
//Remove white spaces in the name
if($this->remove_spaces == TRUE){
$this->file_name = preg_replace("/\s+/", "_", $this->file_name);
}
/* Validate the file name
* This function appends an number onto the end of
* the file if one with the same name already exists.
* If it returns false there was a problem.
*/
$this->orig_name = $this->file_name;
if($this->overwrite == FALSE){
$this->file_name = $this->set_filename($this->upload_path, $this->file_name);
if($this->file_name === FALSE){
return FALSE;
}
}
/* Run the file through the XSS hacking filter
* This helps prevent malicious code from being
* embedded within a file. Scripts can easily
* be disguised as images or other file types.
*/
if($this->xss_clean){
if($this->do_xss_clean() === FALSE){
$this->set_error("upload_unable_to_write_file");
return FALSE;
}
}