From 98ba6b57541444cf5b45e092a1e7f96370b0551c Mon Sep 17 00:00:00 2001 From: Paul Duncan Date: Sat, 1 Sep 2018 19:05:04 -0400 Subject: check for backslashes in path --- src/ZipStream.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/ZipStream.php b/src/ZipStream.php index a9aa014..ea25a87 100644 --- a/src/ZipStream.php +++ b/src/ZipStream.php @@ -425,7 +425,12 @@ final class Entry { throw new Errors\PathError($path, "path contains double slashes"); } - # check for double dots + # check for backslashes + if (preg_match('/\\/', $path)) { + throw new Errors\PathError($path, "path contains backslashes"); + } + + # check for relative path if (preg_match('/\.\./', $path)) { throw new Errors\PathError($path, "relative path"); } -- cgit v1.2.3