private function TarArchiveReader::maliciousFilename in Backup and Migrate 5.0.x

Detect and report a malicious file name.

Parameters

string $file:

Return value

bool

1 call to TarArchiveReader::maliciousFilename()

TarArchiveReader::extractAllToDirectory in src/Core/Service/TarArchiveReader.php

File

src/Core/Service/TarArchiveReader.php, line 379

Class

TarArchiveReader: @package Drupal\backup_migrate\Core\Service

Namespace

Drupal\backup_migrate\Core\Service

Code

private function maliciousFilename($file) {
  if (strpos($file, '/../') !== FALSE) {
    return TRUE;
  }
  if (strpos($file, '../') === 0) {
    return TRUE;
  }
  return FALSE;
}

You are here

private function TarArchiveReader::maliciousFilename in Backup and Migrate 5.0.x

Parameters

Return value

File

Class

Namespace

Code

API Navigation