TalkPHP

TalkPHP (http://www.talkphp.com/forums.php)
-   Absolute Beginners (http://www.talkphp.com/absolute-beginners/)
-   -   Problems with arrays (http://www.talkphp.com/absolute-beginners/2611-problems-arrays.html)

mikka23 04-09-2008 05:41 PM
Problems with arrays
 
Well first off I'm an absolute PHP novice but have managed to combine numerous php snippets and free scripts/plugins to create my own sort of cms. Im having a problem with the dUnzip class. I have made my script so a user can fill out a form, upload a zip which is then extracted autmatically to the server.

For security reason I need to check the files in the archive zip before extracting. If there are php files, exe or other file extensions which are not safe the zip is not extracted. I was told by the creator of the dUnzip class to use:
PHP Code:
print_r($zip->getList()); 
This displays the array of each file in the zip. My problem is how do I manage to explode the array, select file_name then use ereg to find disallowed file extension? I'm not sure if thats the right thing to do anyways but I can't think how to do it regardless.

Output from above snippet is in the form:
Code:
Array
(
[ecofriendly/] => Array
(
[file_name] => ecofriendly/
[compression_method] => 0
[version_needed] => 10
[lastmod_datetime] => 1207025649
[crc-32] => 00000000
[compressed_size] => 0
[uncompressed_size] => 0
[extra_field] =>
[contents-startOffset] => 42
)

[ecofriendly/background.jpg] => Array
(
[file_name] => ecofriendly/background.jpg
[compression_method] => 8
[version_needed] => 20
[lastmod_datetime] => 1207024042
[crc-32] => b6ccb00f
[compressed_size] => 6454
[uncompressed_size] => 14542
[extra_field] =>
[contents-startOffset] => 98
)

[ecofriendly/banner.jpg] => Array
(
[file_name] => ecofriendly/banner.jpg
[compression_method] => 8
[version_needed] => 20
[lastmod_datetime] => 1207024042
[crc-32] => d552573d
[compressed_size] => 5310
[uncompressed_size] => 13408
[extra_field] =>
[contents-startOffset] => 6604
)
This is actually the last remaining problem until my cms is complete and I can launch my website so help is really, really appreciated.

Advertising spot can be arranged for someone who helps :) 125x125 above fold on PR6 decent traffic website.

Salathe 04-09-2008 06:59 PM
It looks like the file information is stored in an associative array (but that's not particularly important here). To get at the file names you can use the file_name key on each of the main array items.

For example:
PHP Code:
$bad_file_found  FALSE;
$blacklist       = array('php''exe');
$blacklist_regex '/\.(?:'
                 implode('|'array_map('preg_quote'$blacklist))
                 . ')$/iD';

foreach ($zip->getList() as $file)
{
    if (preg_match($blacklist_regex$file['file_name']))
    {
        $bad_file_found TRUE;
        break; // no need to continue foreach
    }
}

if ($bad_file_found)
{
    die('Hey, please do not include invalid file types in your ZIP.');
}

die('No invalid files found, woohoo!'); 

mikka23 04-09-2008 08:05 PM
You are my new best friend :-D All implemented and working dandy.


All times are GMT. The time now is 05:55 AM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0