Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.4.10

Bug #23782 Prevent phar:// files from being extracted
Submitted: 2018-12-20 20:41 UTC
From: mrook Assigned: mrook
Status: Closed Package: Archive_Tar (version 1.4.3)
PHP Version: Irrelevant OS:
Roadmaps: 1.4.4    
Comments Add Comment Add patch

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem : 32 - 27 = ?

 [2018-12-20 20:41 UTC] mrook (Michiel Rook)
Description: ------------ Filenames prefixed with phar:// should not be extracted, to prevent potential injections.


 [2018-12-20 20:41 UTC] mrook (Michiel Rook)
-Status: Open +Status: Closed -Assigned To: +Assigned To: mrook
This bug has been fixed in SVN. If this was a documentation problem, the fix will appear on by the end of next Sunday (CET). If this was a problem with the website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.