private function Archive_Tar::_maliciousFilename

private Archive_Tar::_maliciousFilename($file)

Detect and report a malicious file name

Parameters

string $file:

Return value

bool

File

modules/system/system.tar.inc, line 1806

Class

Archive_Tar

Code

private function _maliciousFilename($file) 
 {
  if (strpos($file, '/../') !== false) {
    return true;
  }
  if (strpos($file, '../') === 0) {
    return true;
  }
  return false;
}

© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/modules!system!system.tar.inc/function/Archive_Tar::_maliciousFilename/7.x