mirror_php/php-zip
1
0
Fork 0
mirror of https://github.com/Ne-Lexa/php-zip.git synced 2025-03-14 16:29:42 +01:00
Code Issues Releases Wiki Activity

Added additional check for correct decompression

Browse Source
This commit is contained in:
wapplay 2018-10-21 19:25:13 +03:00
parent 04a92e7904
commit 837454ba7e
5 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php
View File

@ -148,7 +148,10 @@ class TraditionalPkwareEncryptionEngine implements ZipEncryptionEngine
$checkByte = ($this->entry->getCrc() >> 24) & 0xff;
}
if ($byte !== $checkByte) {
throw new ZipAuthenticationException("Bad password for entry " . $this->entry->getName());
throw new ZipAuthenticationException(sprintf(
'Invalid password for zip entry "%s"',
$this->entry->getName()
));
}
$outputContent = "";

18
src/PhpZip/Stream/ZipInputStream.php
View File

@ -7,7 +7,7 @@ use PhpZip\Crypto\WinZipAesEngine;
use PhpZip\Exception\Crc32Exception;
use PhpZip\Exception\InvalidArgumentException;
use PhpZip\Exception\RuntimeException;
use PhpZip\Exception\ZipCryptoException;
use PhpZip\Exception\ZipAuthenticationException;
use PhpZip\Exception\ZipException;
use PhpZip\Exception\ZipUnsupportMethodException;
use PhpZip\Extra\ExtraFieldsCollection;
@ -470,7 +470,7 @@ class ZipInputStream implements ZipInputStreamInterface
case ZipFileInterface::METHOD_STORED:
break;
case ZipFileInterface::METHOD_DEFLATED:
$content = gzinflate($content);
$content = @gzinflate($content);
break;
case ZipFileInterface::METHOD_BZIP2:
if (!extension_loaded('bz2')) {
@ -478,6 +478,9 @@ class ZipInputStream implements ZipInputStreamInterface
}
/** @noinspection PhpComposerExtensionStubsInspection */
$content = bzdecompress($content);
if (is_int($content)) { // decompress error
$content = false;
}
break;
default:
throw new ZipUnsupportMethodException($entry->getName() .
@ -485,6 +488,12 @@ class ZipInputStream implements ZipInputStreamInterface
}
if ($content === false) {
if ($isEncrypted) {
throw new ZipAuthenticationException(sprintf(
'Invalid password for zip entry "%s"',
$entry->getName()
));
}
throw new ZipException(sprintf(
'Failed to get the contents of the zip entry "%s"',
$entry->getName()
@ -497,7 +506,10 @@ class ZipInputStream implements ZipInputStreamInterface
$crc = PHP_INT_SIZE === 4 ? sprintf('%u', $entry->getCrc()) : $entry->getCrc();
if ($crc != $localCrc) {
if ($isEncrypted) {
throw new ZipCryptoException("Wrong password");
throw new ZipAuthenticationException(sprintf(
'Invalid password for zip entry "%s"',
$entry->getName()
));
}
throw new Crc32Exception($entry->getName(), $crc, $localCrc);
}

2
src/PhpZip/Stream/ZipInputStreamInterface.php
View File

@ -2,6 +2,7 @@
namespace PhpZip\Stream;
use PhpZip\Exception\ZipException;
use PhpZip\Model\ZipEntry;
use PhpZip\Model\ZipModel;
@ -26,6 +27,7 @@ interface ZipInputStreamInterface
/**
* @param ZipEntry $entry
* @return string
* @throws ZipException
*/
public function readEntryContent(ZipEntry $entry);

2
tests/PhpZip/PhpZipExtResourceTest.php
View File

@ -101,7 +101,7 @@ class PhpZipExtResourceTest extends ZipTestCase
* Bug #70752 (Depacking with wrong password leaves 0 length files)
* @see https://github.com/php/php-src/blob/master/ext/zip/tests/bug70752.phpt
* @expectedException \PhpZip\Exception\ZipAuthenticationException
* @expectedExceptionMessage Bad password for entry bug70752.txt
* @expectedExceptionMessage nvalid password for zip entry "bug70752.txt"
* @throws ZipException
*/
public function testBug70752()

2
tests/PhpZip/ZipPasswordTest.php
View File

@ -43,7 +43,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
$zipFile[$entryName];
$this->fail("Expected Exception has not been raised.");
} catch (ZipAuthenticationException $ae) {
$this->assertContains('Bad password for entry', $ae->getMessage());
$this->assertContains('Invalid password for zip entry', $ae->getMessage());
}
}