function Archive_Tar::_isMaliciousFilename
Detect and report a malicious file name
Parameters
string $file:
Return value
bool
2 calls to Archive_Tar::_isMaliciousFilename()
- Archive_Tar::_readHeader in modules/
system/ system.tar.inc - Archive_Tar::_readLongHeader in modules/
system/ system.tar.inc
File
-
modules/
system/ system.tar.inc, line 1870
Class
Code
private function _isMaliciousFilename($file) {
if (strpos($file, '://') !== false) {
return true;
}
if (strpos($file, '../') !== false || strpos($file, '..\\') !== false) {
return true;
}
return false;
}Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.