| Package home | Report new bug | New search | Development Roadmap | Status: Open | Feedback | All | Closed Since Version 1.5.0 |
| Bug #23782 | Prevent phar:// files from being extracted | ||
|---|---|---|---|
| Submitted: | 2018-12-20 20:41 UTC | ||
| From: | mrook | Assigned: | mrook |
| Status: | Closed | Package: | Archive_Tar (version 1.4.3) |
| PHP Version: | Irrelevant | OS: | |
| Roadmaps: | 1.4.4 | ||
[2018-12-20 20:41 UTC] mrook
(Michiel Rook)
Description:
------------
Filenames prefixed with phar:// should not be extracted, to prevent potential
injections.
Comments
[2018-12-20 20:41 UTC] mrook
(Michiel Rook)
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: mrook
This bug has been fixed in SVN.
If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET).
If this was a problem with the pear.php.net website, the change should be live shortly.
Otherwise, the fix will appear in the package's next release.
Thank you for the report and for helping us make PEAR better.