1 system.tar.inc | private Archive_Tar::_isMaliciousFilename($file) |
Detect and report a malicious file name
Parameters
string $file:
Return value
bool:
File
- core/
modules/ system/ system.tar.inc, line 1871
Class
Code
private function _isMaliciousFilename($file)
{
if (strpos($file, '://') !== false) {
return true;
}
if (strpos($file, '../') !== false || strpos($file, '..\\') !== false) {
return true;
}
return false;
}