TYPO3_8-7/_zip_service_8php_source.html

 <?php
 declare(strict_types = 1);
 namespace TYPO3\CMS\Core\Service\Archive;

 /*
  * This file is part of the TYPO3 CMS project.
  *
  * It is free software; you can redistribute it and/or modify it under
  * the terms of the GNU General Public License, either version 2
  * of the License, or any later version.
  *
  * For the full copyright and license information, please read the
  * LICENSE.txt file that was distributed with this source code.
  *
  * The TYPO3 project - inspiring people to share!
  */

 use TYPO3\CMS\Core\Exception\Archive\ExtractException;
 use TYPO3\CMS\Core\Utility\GeneralUtility;

 class ZipService
 {
     public function extract(string $fileName, string $directory): bool
     {
         $this->assertDirectoryIsWritable($directory);

         $zip = new \ZipArchive();
         $state = $zip->open($fileName);
         if ($state !== true) {
             throw new ExtractException(
                 sprintf('Unable to open zip file %s, error code %d', $fileName, $state),
                 1565709712
             );
         }

         $result = $zip->extractTo($directory);
         $zip->close();
         if ($result) {
             GeneralUtility::fixPermissions($directory, true);
         }
         return $result;
     }

     public function verify(string $fileName): bool
     {
         $zip = new \ZipArchive();
         $state = $zip->open($fileName);
         if ($state !== true) {
             throw new ExtractException(
                 sprintf('Unable to open zip file %s, error code %d', $fileName, $state),
                 1565709713
             );
         }

         for ($i = 0; $i < $zip->numFiles; $i++) {
             $entryName = $zip->getNameIndex($i);
             if (preg_match('#/(?:\.{2,})+#', $entryName) // Contains any traversal sequence starting with a slash, e.g. /../, /.., /.../
                 || preg_match('#^(?:\.{2,})+/#', $entryName) // Starts with a traversal sequence, e.g. ../, .../
             ) {
                 throw new ExtractException(
                     sprintf('Suspicious sequence in zip file %s: %s', $fileName, $entryName),
                     1565709714
                 );
             }
         }

         $zip->close();
         return true;
     }

     private function assertDirectoryIsWritable(string $directory)
     {
         if (!is_dir($directory)) {
             throw new \RuntimeException(
                 sprintf('Directory %s does not exist', $directory),
                 1565773005
             );
         }
         if (!is_writable($directory)) {
             throw new \RuntimeException(
                 sprintf('Directory %s is not writable', $directory),
                 1565773006
             );
         }
     }
 }
GeneralUtility

TYPO3\CMS\Core\Service\Archive\ZipService\extract
extract(string $fileName, string $directory)
Definition: ZipService.php:36

ExtractException

TYPO3\CMS\Core\Service\Archive
Definition: ZipService.php:3

TYPO3\CMS\Core\Service\Archive\ZipService
Definition: ZipService.php:26

TYPO3\CMS\Core\Utility\GeneralUtility\fixPermissions
static fixPermissions($path, $recursive=false)
Definition: GeneralUtility.php:2178

TYPO3\CMS\Core\Exception\Archive\ExtractException
Definition: ExtractException.php:23

TYPO3\CMS\Core\Service\Archive\ZipService\verify
verify(string $fileName)
Definition: ZipService.php:62

TYPO3\CMS\Core\Service\Archive\ZipService\assertDirectoryIsWritable
assertDirectoryIsWritable(string $directory)
Definition: ZipService.php:92