Extracting user uploaded archives without exposing to ZipBombs?
My question is simple: how do I make sure (or prevent) a user from uploading an archive that upon extraction fills the entire disk space (a so-called ZipBomb)? I am using PHP.
Before extracting your archive, use the PHP Zip library functions to ensure that, when extracted, the contents fall within a total size limit.
For example:
define('SIZE_LIMIT', 50 * 1024 * 1024); // e.g. 50 MiB of extracted data

// Note: the procedural zip_*() functions are deprecated since PHP 8.0;
// ZipArchive is the replacement, but the same idea applies.
$zip = zip_open('uploaded.zip');
if (!is_resource($zip)) {
    // zip_open() returns an integer error code, not false, on failure
    die('cannot open archive');
}
$totalsize = 0;
while ($file = zip_read($zip)) { // false once there are no more entries
    // uncompressed size of this entry as declared in the archive headers
    $totalsize += zip_entry_filesize($file);
}
zip_close($zip);
if ($totalsize > SIZE_LIMIT) {
    // not allowed!
}
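A hardened version of this check, added here as an example and not part of the answer above. It uses the ZipArchive class rather than the deprecated zip_*() functions and addresses two gaps in a header-only check: the uncompressed sizes in the central directory are attacker-controlled and can be understated, so the actual bytes are counted again while decompressing and extraction is aborted the moment the cap is passed; and a bomb can also be a huge number of tiny entries, so the entry count and the per-entry compression ratio are capped too. Entry names are checked for path traversal while we are at it. Nested archives are not opened recursively, so an inner zip only counts at its own stored size; run the same check on it if the application later extracts it. The limits, file paths and function names are assumptions chosen for illustration.

```php
<?php
// Added example, not the original answer's code. Limits and paths are assumed.

const MAX_TOTAL_BYTES = 100 * 1024 * 1024; // total extracted bytes allowed
const MAX_ENTRIES     = 1000;              // cap on number of entries
const MAX_RATIO       = 100;               // uncompressed/compressed per entry
const READ_CHUNK      = 8192;

/**
 * Inspect the central directory before writing anything to disk.
 * Rejects oversized archives, too many entries, suspicious compression
 * ratios and entry names that would escape the destination directory.
 */
function checkArchive(ZipArchive $zip): void
{
    if ($zip->numFiles > MAX_ENTRIES) {
        throw new RuntimeException("too many entries: {$zip->numFiles}");
    }
    $declared = 0;
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $st = $zip->statIndex($i);
        if ($st === false) {
            throw new RuntimeException("cannot stat entry $i");
        }
        $name = $st['name'];
        // No absolute paths, backslashes or ".." segments in entry names.
        if ($name === '' || $name[0] === '/' || strpos($name, '\\') !== false
            || preg_match('#(^|/)\.\.(/|$)#', $name)) {
            throw new RuntimeException("unsafe entry name: $name");
        }
        $declared += $st['size'];
        if ($declared > MAX_TOTAL_BYTES) {
            throw new RuntimeException('declared size exceeds limit');
        }
        if ($st['comp_size'] > 0 && $st['size'] / $st['comp_size'] > MAX_RATIO) {
            throw new RuntimeException("suspicious compression ratio in $name");
        }
    }
}

/**
 * Extract $archive into $destDir, counting real decompressed bytes.
 * Returns the number of bytes written; throws on any violation.
 * On failure the caller should discard $destDir (partial files remain).
 */
function extractSafely(string $archive, string $destDir): int
{
    $zip = new ZipArchive();
    $rc = $zip->open($archive);
    if ($rc !== true) {
        throw new RuntimeException("cannot open archive (ZipArchive error $rc)");
    }
    try {
        checkArchive($zip);
        $written = 0;
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $name   = $zip->statIndex($i)['name'];
            $target = $destDir . '/' . $name;
            if (substr($name, -1) === '/') { // directory entry
                if (!is_dir($target) && !mkdir($target, 0755, true)) {
                    throw new RuntimeException("cannot create $target");
                }
                continue;
            }
            $dir = dirname($target);
            if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
                throw new RuntimeException("cannot create $dir");
            }
            $in = $zip->getStream($name);
            if ($in === false) {
                throw new RuntimeException("cannot read entry $name");
            }
            $out = fopen($target, 'wb');
            if ($out === false) {
                fclose($in);
                throw new RuntimeException("cannot write $target");
            }
            // Count bytes as they actually decompress; the headers may lie.
            while (!feof($in)) {
                $chunk = fread($in, READ_CHUNK);
                if ($chunk === false) {
                    break;
                }
                $written += strlen($chunk);
                if ($written > MAX_TOTAL_BYTES) {
                    fclose($in);
                    fclose($out);
                    unlink($target);
                    throw new RuntimeException('extraction exceeded limit, aborted');
                }
                fwrite($out, $chunk);
            }
            fclose($in);
            fclose($out);
        }
        return $written;
    } finally {
        $zip->close();
    }
}

// Usage (assumed paths):
try {
    $bytes = extractSafely('uploaded.zip', '/var/app/uploads/extracted');
    echo "extracted $bytes bytes\n";
} catch (RuntimeException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
```

The header check alone is cheap and catches the common case; the byte counting during extraction is what actually bounds disk usage when the headers are forged. Extract into a fresh, per-upload directory so that an aborted extraction can simply be deleted, and keep the total limit low enough that several concurrent uploads cannot exhaust the disk together.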