private function TarArchiveReader::maliciousFilename in Backup and Migrate 8.4
Detect and report a malicious file name.
Parameters
string $file:
Return value
bool
1 call to TarArchiveReader::maliciousFilename()
- TarArchiveReader::extractAllToDirectory in lib/
backup_migrate_core/ src/ Service/ TarArchiveReader.php
File
- lib/
backup_migrate_core/ src/ Service/ TarArchiveReader.php, line 372
Class
- TarArchiveReader
- Class TarArchiveReader.
Namespace
BackupMigrate\Core\ServiceCode
private function maliciousFilename($file) {
if (strpos($file, '/../') !== FALSE) {
return TRUE;
}
if (strpos($file, '../') === 0) {
return TRUE;
}
return FALSE;
}