Fix for issue #100

pluck-cms · Apr 26, 2021 · 89c40c7 · 89c40c7
1 parent 6865aca
commit 89c40c7
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/data/inc/lib/unzip.class.php b/data/inc/lib/unzip.class.php
@@ -282,7 +282,14 @@ public function extract($p_source_zip_file=NULL, $p_target_location=NULL){
 					}
 					if(isset($f_possible_files) && is_array($f_possible_files) && count($f_possible_files)>0){
 						$this->log[]='found file in zip file. write attemp begin...';
-						foreach($f_possible_files as $flinf) $this->write($flinf['entry'], $flinf['target']);
+						foreach($f_possible_files as $flinf) {
+							// fix for issue #100
+						        //Prevent Zip traversal attacks
+								if (strpos($flinf['target'], '../') !== false || strpos($flinf['target'], '..\\') !== false) {
+									trigger_error('Sorry! ZIP Slip detected.', E_USER_ERROR);
+								}
+							$this->write($flinf['entry'], $flinf['target']);
+						}
 					}
 					zip_close($zf);
 					$this->log[]='zip file read complete.';