diff options
| author | Paul Duncan <pabs@pablotron.org> | 2018-09-01 19:05:04 -0400 |
|---|---|---|
| committer | Paul Duncan <pabs@pablotron.org> | 2018-09-03 09:54:33 -0400 |
| commit | 98ba6b57541444cf5b45e092a1e7f96370b0551c (patch) | |
| tree | fa021468193741f22e5bc650c659b6fb09b3e841 | |
| parent | 3a532382b8279f2f148515e57fad562215300a32 (diff) | |
| download | zipstream-php-98ba6b57541444cf5b45e092a1e7f96370b0551c.tar.bz2 zipstream-php-98ba6b57541444cf5b45e092a1e7f96370b0551c.zip | |
check for backslashes in path
| -rw-r--r-- | src/ZipStream.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/ZipStream.php b/src/ZipStream.php index a9aa014..ea25a87 100644 --- a/src/ZipStream.php +++ b/src/ZipStream.php @@ -425,7 +425,12 @@ final class Entry { throw new Errors\PathError($path, "path contains double slashes"); } - # check for double dots + # check for backslashes + if (preg_match('/\\/', $path)) { + throw new Errors\PathError($path, "path contains backslashes"); + } + + # check for relative path if (preg_match('/\.\./', $path)) { throw new Errors\PathError($path, "relative path"); } |