HEX
Server: LiteSpeed
System: Linux d8 4.18.0-553.30.1.lve.el8.x86_64 #1 SMP Tue Dec 3 01:21:19 UTC 2024 x86_64
User: wbwebdes (3015)
PHP: 8.1.31
Disabled: exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
$ pwd: /home/wbwebdes/domains/survey.wb-webdesign.com/private_html/application/libraries/
Upload Files
File: /home/wbwebdes/domains/survey.wb-webdesign.com/private_html/application/libraries/Zip.php
<?php

namespace LimeSurvey;

/**
 * Extends ZipArchive class to add a check for Zip Bombing
 */
class Zip extends \ZipArchive
{
    protected $opened = false;

    /**
     * @inheritdoc
     * @param bool $checkZipBomb If true, check for Zip Bombing
     */
    #[\ReturnTypeWillChange]
    public function open($filename, $flags = 0, $checkZipBomb = true)
    {
        $result = parent::open($filename, $flags);
        $this->opened = ($result === true);
        if ($result === true && $checkZipBomb && $this->isZipBomb()) {
            throw new \Exception("Unzipped file is bigger than upload_max_filesize or post_max_size");
        }
        return $result;
    }

    /**
     * @inheritdoc
     */
    public function close() : bool
    {
        $result = parent::close();
        $this->opened = false;
        return $result;
    }

    /**
     * Check if the zip archive is a Zip Bomb
     * @return bool
     */
    public function isZipBomb()
    {
        if (!$this->opened) {
            return false;
        }
        $totalSize = 0;
        for ($i = 0; $i < $this->numFiles; $i++) {
            $fileStats = $this->statIndex($i);
            $totalSize += $fileStats['size'];
        }
        return ($totalSize > \Yii::app()->getConfig('maximum_unzipped_size'));
    }
}
@ Telegram