private function ArchiveTar::_maliciousFilename in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/lib/Drupal/Core/Archiver/ArchiveTar.php \Drupal\Core\Archiver\ArchiveTar::_maliciousFilename()
Detect and report a malicious file name
Parameters
string $file:
Return value
bool
2 calls to ArchiveTar::_maliciousFilename()
- ArchiveTar::_readHeader in core/
lib/ Drupal/ Core/ Archiver/ ArchiveTar.php - ArchiveTar::_readLongHeader in core/
lib/ Drupal/ Core/ Archiver/ ArchiveTar.php
File
- core/
lib/ Drupal/ Core/ Archiver/ ArchiveTar.php, line 1803
Class
Namespace
Drupal\Core\ArchiverCode
private function _maliciousFilename($file) {
if (strpos($file, '/../') !== false) {
return true;
}
if (strpos($file, '../') === 0) {
return true;
}
return false;
}