PHP Decode

Decoded Output

--TEST--
Bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories)
--EXTENSIONS--
zip
--FILE--
<?php

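$dir = __DIR__."/bug70350";
mkdir($dir);
// Build an archive whose only entry is a directory name containing "../".
$archive = new ZipArchive();
$archive->open("$dir/a.zip",ZipArchive::CREATE);
$archive->addEmptyDir("../down2/");
$archive->close();

// Extract into $dir; the directory entry must not escape the destination.
$archive2 = new ZipArchive();
$archive2->open("$dir/a.zip");
$archive2->extractTo($dir);
$archive2->close();
// Expected true: down2 was created inside the extraction directory.
var_dump(file_exists("$dir/down2/"));
// Expected false: no down2 exists at ../ relative to the current working directory.
var_dump(file_exists("../down2/"));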
?>
--CLEAN--
<?php
$dir = __DIR__."/bug70350";
rmdir("$dir/down2");
unlink("$dir/a.zip");
rmdir($dir);
?>
--EXPECT--
bool(true)
bool(false)

Function Calls

None

Variables

None

Stats

MD5 f8a2664dcc368d50d01b046b61425085
Eval Count 0
Decode Time 96 ms