From 76e2bc3b77f76e719643e0e0073311ed48321fb0 Mon Sep 17 00:00:00 2001
From: stronk7 <stronk7>
Date: Sun, 17 Oct 2004 23:44:16 +0000
Subject: [PATCH] Strip control chars when unzipping.

Merged from MOODLE_14_STABLE
---
 lib/moodlelib.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 4dc6b46040..fcd6ccc551 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -4396,6 +4396,7 @@ function unzip_cleanfilename ($p_event, &$p_header) {
 //This function is used as callback in unzip_file() function
 //to clean illegal characters for given platform and to prevent directory traversal.
 //Produces the same result as info-zip unzip.
+    $p_header['filename'] = ereg_replace('[[:cntrl:]]', '', $p_header['filename']); //strip control chars first!
     $p_header['filename'] = ereg_replace('\.\.+', '', $p_header['filename']); //directory traversal protection
     if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
         $p_header['filename'] = ereg_replace('[:*"?<>|]', '_', $p_header['filename']); //replace illegal chars
-- 
2.39.5