function Archive_Tar::_maliciousFilename

7.x system.tar.inc Archive_Tar::_maliciousFilename($file)

Detect and report a malicious file name

@access private

Parameters

string $file:

Return value

bool

2 calls to Archive_Tar::_maliciousFilename()

Archive_Tar::_readHeader in drupal-7.x/modules/system/system.tar.inc
Archive_Tar::_readLongHeader in drupal-7.x/modules/system/system.tar.inc

File

drupal-7.x/modules/system/system.tar.inc, line 1363

Class

Archive_Tar: Creates a (compressed) Tar archive *

Code

function _maliciousFilename($file) 
 {
  if (strpos($file, '/../') !== false) {
    return true;
  }
  if (strpos($file, '../') === 0) {
    return true;
  }
  return false;
}