From: stronk7 <stronk7>
Date: Sun, 17 Oct 2004 23:44:16 +0000 (+0000)
Subject: Strip control chars when unzipping.
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=76e2bc3b77f76e719643e0e0073311ed48321fb0;p=moodle.git

Strip control chars when unzipping.

Merged from MOODLE_14_STABLE
---

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 4dc6b46040..fcd6ccc551 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -4396,6 +4396,7 @@ function unzip_cleanfilename ($p_event, &$p_header) {
 //This function is used as callback in unzip_file() function
 //to clean illegal characters for given platform and to prevent directory traversal.
 //Produces the same result as info-zip unzip.
+    $p_header['filename'] = ereg_replace('[[:cntrl:]]', '', $p_header['filename']); //strip control chars first!
     $p_header['filename'] = ereg_replace('\.\.+', '', $p_header['filename']); //directory traversal protection
     if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
         $p_header['filename'] = ereg_replace('[:*"?<>|]', '_', $p_header['filename']); //replace illegal chars