Diffstat (limited to 'ext/zip')
-rw-r--r-- | ext/zip/php_zip.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index e89682546f..5c291381c5 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -1148,6 +1148,10 @@ static PHP_NAMED_FUNCTION(zif_zip_open)
 RETURN_FALSE;
 }
 
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
 if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
 RETURN_FALSE;
 }
@@ -1437,6 +1441,10 @@ static ZIPARCHIVE_METHOD(open)
 RETURN_FALSE;
 }
 
+ if (strlen(filename) != filename_len) {
+ RETURN_FALSE;
+ }
+
 if (ZIP_OPENBASEDIR_CHECKPATH(filename)) {
 RETURN_FALSE;
 }
@@ -2363,6 +2371,10 @@ static ZIPARCHIVE_METHOD(extractTo)
 RETURN_FALSE;
 }
 
+ if (strlen(pathto) != pathto_len) {
+ RETURN_FALSE;
+ }
+
 if (php_stream_stat_path(pathto, &ssb) < 0) {
 ret = php_stream_mkdir(pathto, 0777, PHP_STREAM_MKDIR_RECURSIVE, NULL);
 if (!ret) {
@@ -2449,6 +2461,9 @@ static void php_zip_get_from(INTERNAL_FUNCTION_PARAMETERS, int type) /* {{{ */
 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|ll", &filename, &filename_len, &len, &flags) == FAILURE) {
 return;
 }
+ if (strlen(filename) != filename_len) {
+ return;
+ }
 PHP_ZIP_STAT_PATH(intern, filename, filename_len, flags, sb);
 } else {
 if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l|ll", &index, &len, &flags) == FAILURE) { |
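Review bot: The embedded-NUL guard added in zif_zip_open rejects the path with a bare `RETURN_FALSE` and no diagnostic, so a rejected path looks the same in logs as an ordinary open failure. A warning before the return would make these rejections visible to operators, for example `php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path must not contain NUL bytes");` (the wording is only a suggestion). The same applies to the identical guards in ZipArchive::open and ZipArchive::extractTo. The comparison also mixes the `size_t` result of `strlen()` with a length variable declared outside the hunk, presumably an `int`; writing `strlen(filename) != (size_t)filename_len` avoids a sign-compare warning. All three function bodies start and end outside their hunks, so other path arguments they handle cannot be checked from here.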
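Review bot: In php_zip_get_from the new guard exits with a bare `return;`, where the other three guards in this commit use `RETURN_FALSE`. That mirrors the parse-failure path just above it, but it gives a name with an embedded NUL the same result as a malformed call. If callers are meant to receive false for a name that cannot be looked up, `RETURN_FALSE;` would be the consistent choice. Whichever is intended, a short comment such as `/* reject names with embedded NUL: the lookup below treats filename as a C string */` would record why the length is compared. The function begins and ends outside the hunk.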