Révision 01dfd3b5
Ajouté par Assos Assos il y a plus de 3 ans
drupal7/modules/system/system.tar.inc | ||
---|---|---|
1788 | 1788 |
|
1789 | 1789 |
// ----- Extract the properties |
1790 | 1790 |
$v_header['filename'] = rtrim($v_data['filename'], "\0"); |
1791 |
if ($this->_maliciousFilename($v_header['filename'])) {
|
|
1791 |
if ($this->_isMaliciousFilename($v_header['filename'])) {
|
|
1792 | 1792 |
$this->_error( |
1793 | 1793 |
'Malicious .tar detected, file "' . $v_header['filename'] . |
1794 | 1794 |
'" will not install in desired directory tree' |
... | ... | |
1858 | 1858 |
* |
1859 | 1859 |
* @return bool |
1860 | 1860 |
*/ |
1861 |
private function _maliciousFilename($file)
|
|
1861 |
private function _isMaliciousFilename($file)
|
|
1862 | 1862 |
{ |
1863 |
if (strpos($file, 'phar://') === 0) {
|
|
1863 |
if (strpos($file, '://') !== false) {
|
|
1864 | 1864 |
return true; |
1865 | 1865 |
} |
1866 | 1866 |
if (strpos($file, '../') !== false || strpos($file, '..\\') !== false) { |
... | ... | |
1896 | 1896 |
|
1897 | 1897 |
$v_filename = rtrim(substr($v_filename, 0, $v_filesize), "\0"); |
1898 | 1898 |
$v_header['filename'] = $v_filename; |
1899 |
if ($this->_maliciousFilename($v_filename)) {
|
|
1899 |
if ($this->_isMaliciousFilename($v_filename)) {
|
|
1900 | 1900 |
$this->_error( |
1901 | 1901 |
'Malicious .tar detected, file "' . $v_filename . |
1902 | 1902 |
'" will not install in desired directory tree' |
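Review bot: The `strpos($file, '://') !== false` test in `_isMaliciousFilename()` (line 1863) has no comment explaining why it matches the scheme separator anywhere in the name, and the visible docblock ends at `@return bool` without listing what counts as malicious. I would add above the test `// Reject any stream-wrapper scheme (phar://, file://, ...) anywhere in the entry name, not only a leading phar://.` so a later edit does not narrow it again. Both call sites shown (lines 1791 and 1899) pass only the entry's filename; whether the link target of symlink or hard-link entries goes through the same check is not visible here and is worth confirming. The page does not mark which line of each pair is the new one, so this assumes the `_isMaliciousFilename` lines are the new side; the method body continues past the end of the hunk.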
Update to 7.77