1.20.x system.tar.inc private Archive_Tar::_isMaliciousFilename($file)

Detect and report a malicious file name

Parameters

string $file:

Return value

bool:

File

modules/system/system.tar.inc, line 1857

Class

Archive_Tar

Code

private function _isMaliciousFilename($file) 
 {
  if (strpos($file, '://') !== false) {
    return true;
  }
  if (strpos($file, '../') !== false || strpos($file, '..\\') !== false) {
    return true;
  }
  return false;
}