Issues in Zip.php (develop) - Issues in develop - ci-bonfire/Sprint - Measure and Improve Code Quality continuously with Scrutinizer

Issues (423)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

system/libraries/Zip.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * CodeIgniter
 *
 * An open source application development framework for PHP
 *
 * This content is released under the MIT License (MIT)
 *
 * Copyright (c) 2014 - 2015, British Columbia Institute of Technology
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * @package	CodeIgniter
 * @author	EllisLab Dev Team
 * @copyright	Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
 * @copyright	Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
 * @license	http://opensource.org/licenses/MIT	MIT License
 * @link	http://codeigniter.com
 * @since	Version 1.0.0
 * @filesource
 */
defined('BASEPATH') OR exit('No direct script access allowed');

/**
 * Zip Compression Class
 *
 * This class is based on a library I found at Zend:
 * http://www.zend.com/codex.php?id=696&single=1
 *
 * The original library is a little rough around the edges so I
 * refactored it and added several additional methods -- Rick Ellis
 *
 * @package		CodeIgniter
 * @subpackage	Libraries
 * @category	Encryption
 * @author		EllisLab Dev Team
 * @link		http://codeigniter.com/user_guide/libraries/zip.html
 */
class CI_Zip {

	/**
	 * Zip data in string form
	 *
	 * @var string
	 */
	public $zipdata = '';

	/**
	 * Zip data for a directory in string form
	 *
	 * @var string
	 */
	public $directory = '';

	/**
	 * Number of files/folder in zip file
	 *
	 * @var int
	 */
	public $entries = 0;

	/**
	 * Number of files in zip
	 *
	 * @var int
	 */
	public $file_num = 0;

	/**
	 * relative offset of local header
	 *
	 * @var int
	 */
	public $offset = 0;

	/**
	 * Reference to time at init
	 *
	 * @var int
	 */
	public $now;

	/**
	 * The level of compression
	 *
	 * Ranges from 0 to 9, with 9 being the highest level.
	 *
	 * @var	int
	 */
	public $compression_level = 2;

	/**
	 * Initialize zip compression class
	 *
	 * @return	void
	 */
	public function __construct()
	{
		$this->now = time();
		log_message('info', 'Zip Compression Class Initialized');
	}

	// --------------------------------------------------------------------

	/**
	 * Add Directory
	 *
	 * Lets you add a virtual directory into which you can place files.
	 *
	 * @param	mixed	$directory	the directory name. Can be string or array
	 * @return	void
	 */
	public function add_dir($directory)
	{
		foreach ((array) $directory as $dir)
		{
			if ( ! preg_match('|.+/$|', $dir))
			{
				$dir .= '/';
			}

			$dir_time = $this->_get_mod_time($dir);
			$this->_add_dir($dir, $dir_time['file_mtime'], $dir_time['file_mdate']);
		}
	}

	// --------------------------------------------------------------------

	/**
	 * Get file/directory modification time
	 *
	 * If this is a newly created file/dir, we will set the time to 'now'
	 *
	 * @param	string	$dir	path to file
	 * @return	array	filemtime/filemdate
	 */
	protected function _get_mod_time($dir)
	{
		// filemtime() may return false, but raises an error for non-existing files
		$date = file_exists($dir) ? getdate(filemtime($dir)) : getdate($this->now);

		return array(
			'file_mtime' => ($date['hours'] << 11) + ($date['minutes'] << 5) + $date['seconds'] / 2,
			'file_mdate' => (($date['year'] - 1980) << 9) + ($date['mon'] << 5) + $date['mday']
		);
	}

	// --------------------------------------------------------------------

	/**
	 * Add Directory
	 *
	 * @param	string	$dir	the directory name
	 * @param	int	$file_mtime
	 * @param	int	$file_mdate
	 * @return	void
	 */
	protected function _add_dir($dir, $file_mtime, $file_mdate)
	{
		$dir = str_replace('\\', '/', $dir);

		$this->zipdata .=
			"\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00"
			.pack('v', $file_mtime)
			.pack('v', $file_mdate)
			.pack('V', 0) // crc32
			.pack('V', 0) // compressed filesize
			.pack('V', 0) // uncompressed filesize
			.pack('v', strlen($dir)) // length of pathname
			.pack('v', 0) // extra field length
			.$dir
			// below is "data descriptor" segment
			.pack('V', 0) // crc32
			.pack('V', 0) // compressed filesize
			.pack('V', 0); // uncompressed filesize

		$this->directory .=
			"\x50\x4b\x01\x02\x00\x00\x0a\x00\x00\x00\x00\x00"
			.pack('v', $file_mtime)
			.pack('v', $file_mdate)
			.pack('V',0) // crc32
			.pack('V',0) // compressed filesize
			.pack('V',0) // uncompressed filesize
			.pack('v', strlen($dir)) // length of pathname
			.pack('v', 0) // extra field length
			.pack('v', 0) // file comment length
			.pack('v', 0) // disk number start
			.pack('v', 0) // internal file attributes
			.pack('V', 16) // external file attributes - 'directory' bit set
			.pack('V', $this->offset) // relative offset of local header
			.$dir;

		$this->offset = strlen($this->zipdata);
		$this->entries++;
	}

	// --------------------------------------------------------------------

	/**
	 * Add Data to Zip
	 *
	 * Lets you add files to the archive. If the path is included
	 * in the filename it will be placed within a directory. Make
	 * sure you use add_dir() first to create the folder.
	 *
	 * @param	mixed	$filepath	A single filepath or an array of file => data pairs
	 * @param	string	$data		Single file contents
	 * @return	void
	 */
	public function add_data($filepath, $data = NULL)
	{
		if (is_array($filepath))
		{
			foreach ($filepath as $path => $data)
			{
				$file_data = $this->_get_mod_time($path);
				$this->_add_data($path, $data, $file_data['file_mtime'], $file_data['file_mdate']);
			}
		}
		else
		{
			$file_data = $this->_get_mod_time($filepath);
			$this->_add_data($filepath, $data, $file_data['file_mtime'], $file_data['file_mdate']);
		}
	}

	// --------------------------------------------------------------------

	/**
	 * Add Data to Zip
	 *
	 * @param	string	$filepath	the file name/path
	 * @param	string	$data	the data to be encoded
	 * @param	int	$file_mtime
	 * @param	int	$file_mdate
	 * @return	void
	 */
	protected function _add_data($filepath, $data, $file_mtime, $file_mdate)
	{
		$filepath = str_replace('\\', '/', $filepath);

		$uncompressed_size = strlen($data);
		$crc32  = crc32($data);
		$gzdata = substr(gzcompress($data, $this->compression_level), 2, -4);
		$compressed_size = strlen($gzdata);

		$this->zipdata .=
			"\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00"
			.pack('v', $file_mtime)
			.pack('v', $file_mdate)
			.pack('V', $crc32)
			.pack('V', $compressed_size)
			.pack('V', $uncompressed_size)
			.pack('v', strlen($filepath)) // length of filename
			.pack('v', 0) // extra field length
			.$filepath
			.$gzdata; // "file data" segment

		$this->directory .=
			"\x50\x4b\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00"
			.pack('v', $file_mtime)
			.pack('v', $file_mdate)
			.pack('V', $crc32)
			.pack('V', $compressed_size)
			.pack('V', $uncompressed_size)
			.pack('v', strlen($filepath)) // length of filename
			.pack('v', 0) // extra field length
			.pack('v', 0) // file comment length
			.pack('v', 0) // disk number start
			.pack('v', 0) // internal file attributes
			.pack('V', 32) // external file attributes - 'archive' bit set
			.pack('V', $this->offset) // relative offset of local header
			.$filepath;

		$this->offset = strlen($this->zipdata);
		$this->entries++;
		$this->file_num++;
	}

	// --------------------------------------------------------------------

	/**
	 * Read the contents of a file and add it to the zip
	 *
	 * @param	string	$path
	 * @param	bool	$archive_filepath
	 * @return	bool
	 */
	public function read_file($path, $archive_filepath = FALSE)
	{
		if (file_exists($path) && FALSE !== ($data = file_get_contents($path)))
		{
			if (is_string($archive_filepath))
			{
				$name = str_replace('\\', '/', $archive_filepath);
			}
			else
			{
				$name = str_replace('\\', '/', $path);

				if ($archive_filepath === FALSE)
				{
					$name = preg_replace('|.*/(.+)|', '\\1', $name);
				}
			}

			$this->add_data($name, $data);
			return TRUE;
		}

		return FALSE;
	}

	// ------------------------------------------------------------------------

	/**
	 * Read a directory and add it to the zip.
	 *
	 * This function recursively reads a folder and everything it contains (including
	 * sub-folders) and creates a zip based on it. Whatever directory structure
	 * is in the original file path will be recreated in the zip file.
	 *
	 * @param	string	$path	path to source directory
	 * @param	bool	$preserve_filepath
	 * @param	string	$root_path
	 * @return	bool
	 */
	public function read_dir($path, $preserve_filepath = TRUE, $root_path = NULL)
	{
		$path = rtrim($path, '/\\').DIRECTORY_SEPARATOR;
		if ( ! $fp = @opendir($path))
		{
			return FALSE;
		}

		// Set the original directory root for child dir's to use as relative
		if ($root_path === NULL)
		{
			$root_path = str_replace(array('\\', '/'), DIRECTORY_SEPARATOR, dirname($path)).DIRECTORY_SEPARATOR;
		}

		while (FALSE !== ($file = readdir($fp)))
		{
			if ($file[0] === '.')
			{
				continue;
			}

			if (is_dir($path.$file))
			{
				$this->read_dir($path.$file.DIRECTORY_SEPARATOR, $preserve_filepath, $root_path);
			}
			elseif (FALSE !== ($data = file_get_contents($path.$file)))
			{
				$name = str_replace(array('\\', '/'), DIRECTORY_SEPARATOR, $path);
				if ($preserve_filepath === FALSE)
				{
					$name = str_replace($root_path, '', $name);
				}

				$this->add_data($name.$file, $data);
			}
		}

		closedir($fp);
		return TRUE;
	}

	// --------------------------------------------------------------------

	/**
	 * Get the Zip file
	 *
	 * @return	string	(binary encoded)
	 */
	public function get_zip()
	{
		// Is there any data to return?
		if ($this->entries === 0)
		{
			return FALSE;
		}

		return $this->zipdata
			.$this->directory."\x50\x4b\x05\x06\x00\x00\x00\x00"
			.pack('v', $this->entries) // total # of entries "on this disk"
			.pack('v', $this->entries) // total # of entries overall
			.pack('V', strlen($this->directory)) // size of central dir
			.pack('V', strlen($this->zipdata)) // offset to start of central dir
			."\x00\x00"; // .zip file comment length
	}

	// --------------------------------------------------------------------

	/**
	 * Write File to the specified directory
	 *
	 * Lets you write a file
	 *
	 * @param	string	$filepath	the file name
	 * @return	bool
	 */
	public function archive($filepath)
	{
		if ( ! ($fp = @fopen($filepath, 'w+b')))
		{
			return FALSE;
		}

		flock($fp, LOCK_EX);

		for ($result = $written = 0, $data = $this->get_zip(), $length = strlen($data); $written < $length; $written += $result)
		{
			if (($result = fwrite($fp, substr($data, $written))) === FALSE)
			{
				break;
			}
		}

		flock($fp, LOCK_UN);
		fclose($fp);

		return is_int($result);
	}

	// --------------------------------------------------------------------

	/**
	 * Download
	 *
	 * @param	string	$filename	the file name
	 * @return	void
	 */
	public function download($filename = 'backup.zip')
	{
		if ( ! preg_match('|.+?\.zip$|', $filename))
		{
			$filename .= '.zip';
		}

		get_instance()->load->helper('download');
		$get_zip = $this->get_zip();
		$zip_content =& $get_zip;

		force_download($filename, $zip_content);
<?php

function getDate($date)
{
    if ($date !== null) {
        return new DateTime($date);
    }

    return false;
}
	}

	// --------------------------------------------------------------------

	/**
	 * Initialize Data
	 *
	 * Lets you clear current zip data. Useful if you need to create
	 * multiple zips with different data.
	 *
	 * @return	CI_Zip
	 */
	public function clear_data()
	{
		$this->zipdata = '';
		$this->directory = '';
		$this->entries = 0;
		$this->file_num = 0;
		$this->offset = 0;
		return $this;
	}

}


GitHub Access Token became invalid

Issues (423)

Security Analysis not enabled

system/libraries/Zip.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
		0 ignored issues – show Coding Style Compatibility introduced 2016-02-16 16:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 55 and the first side effect is on line 38. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2		/**
3		* CodeIgniter
4		*
5		* An open source application development framework for PHP
6		*
7		* This content is released under the MIT License (MIT)
8		*
9		* Copyright (c) 2014 - 2015, British Columbia Institute of Technology
10		*
11		* Permission is hereby granted, free of charge, to any person obtaining a copy
12		* of this software and associated documentation files (the "Software"), to deal
13		* in the Software without restriction, including without limitation the rights
14		* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
15		* copies of the Software, and to permit persons to whom the Software is
16		* furnished to do so, subject to the following conditions:
17		*
18		* The above copyright notice and this permission notice shall be included in
19		* all copies or substantial portions of the Software.
20		*
21		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
22		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
23		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
24		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
25		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
26		* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27		* THE SOFTWARE.
28		*
29		* @package CodeIgniter
30		* @author EllisLab Dev Team
31		* @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
32		* @copyright Copyright (c) 2014 - 2015, British Columbia Institute of Technology (http://bcit.ca/)
33		* @license http://opensource.org/licenses/MIT MIT License
34		* @link http://codeigniter.com
35		* @since Version 1.0.0
36		* @filesource
37		*/
38		defined('BASEPATH') OR exit('No direct script access allowed');
39
40		/**
41		* Zip Compression Class
42		*
43		* This class is based on a library I found at Zend:
44		* http://www.zend.com/codex.php?id=696&single=1
45		*
46		* The original library is a little rough around the edges so I
47		* refactored it and added several additional methods -- Rick Ellis
48		*
49		* @package CodeIgniter
50		* @subpackage Libraries
51		* @category Encryption
52		* @author EllisLab Dev Team
53		* @link http://codeigniter.com/user_guide/libraries/zip.html
54		*/
55		class CI_Zip {
56
57		/**
58		* Zip data in string form
59		*
60		* @var string
61		*/
62		public $zipdata = '';
63
64		/**
65		* Zip data for a directory in string form
66		*
67		* @var string
68		*/
69		public $directory = '';
70
71		/**
72		* Number of files/folder in zip file
73		*
74		* @var int
75		*/
76		public $entries = 0;
77
78		/**
79		* Number of files in zip
80		*
81		* @var int
82		*/
83		public $file_num = 0;
84
85		/**
86		* relative offset of local header
87		*
88		* @var int
89		*/
90		public $offset = 0;
91
92		/**
93		* Reference to time at init
94		*
95		* @var int
96		*/
97		public $now;
98
99		/**
100		* The level of compression
101		*
102		* Ranges from 0 to 9, with 9 being the highest level.
103		*
104		* @var int
105		*/
106		public $compression_level = 2;
107
108		/**
109		* Initialize zip compression class
110		*
111		* @return void
112		*/
113		public function __construct()
114		{
115		$this->now = time();
116		log_message('info', 'Zip Compression Class Initialized');
117		}
118
119		// --------------------------------------------------------------------
120
121		/**
122		* Add Directory
123		*
124		* Lets you add a virtual directory into which you can place files.
125		*
126		* @param mixed $directory the directory name. Can be string or array
127		* @return void
128		*/
129		public function add_dir($directory)
130		{
131		foreach ((array) $directory as $dir)
132		{
133		if ( ! preg_match('\|.+/$\|', $dir))
134		{
135		$dir .= '/';
136		}
137
138		$dir_time = $this->_get_mod_time($dir);
139		$this->_add_dir($dir, $dir_time['file_mtime'], $dir_time['file_mdate']);
140		}
141		}
142
143		// --------------------------------------------------------------------
144
145		/**
146		* Get file/directory modification time
147		*
148		* If this is a newly created file/dir, we will set the time to 'now'
149		*
150		* @param string $dir path to file
151		* @return array filemtime/filemdate
152		*/
153		protected function _get_mod_time($dir)
154		{
155		// filemtime() may return false, but raises an error for non-existing files
156		$date = file_exists($dir) ? getdate(filemtime($dir)) : getdate($this->now);
157
158		return array(
159		'file_mtime' => ($date['hours'] << 11) + ($date['minutes'] << 5) + $date['seconds'] / 2,
160		'file_mdate' => (($date['year'] - 1980) << 9) + ($date['mon'] << 5) + $date['mday']
161		);
162		}
163
164		// --------------------------------------------------------------------
165
166		/**
167		* Add Directory
168		*
169		* @param string $dir the directory name
170		* @param int $file_mtime
171		* @param int $file_mdate
172		* @return void
173		*/
174		protected function _add_dir($dir, $file_mtime, $file_mdate)
175		{
176		$dir = str_replace('\\', '/', $dir);
177
178		$this->zipdata .=
179		"\x50\x4b\x03\x04\x0a\x00\x00\x00\x00\x00"
180		.pack('v', $file_mtime)
181		.pack('v', $file_mdate)
182		.pack('V', 0) // crc32
183		.pack('V', 0) // compressed filesize
184		.pack('V', 0) // uncompressed filesize
185		.pack('v', strlen($dir)) // length of pathname
186		.pack('v', 0) // extra field length
187		.$dir
188		// below is "data descriptor" segment
189		.pack('V', 0) // crc32
190		.pack('V', 0) // compressed filesize
191		.pack('V', 0); // uncompressed filesize
192
193		$this->directory .=
194		"\x50\x4b\x01\x02\x00\x00\x0a\x00\x00\x00\x00\x00"
195		.pack('v', $file_mtime)
196		.pack('v', $file_mdate)
197		.pack('V',0) // crc32
198		.pack('V',0) // compressed filesize
199		.pack('V',0) // uncompressed filesize
200		.pack('v', strlen($dir)) // length of pathname
201		.pack('v', 0) // extra field length
202		.pack('v', 0) // file comment length
203		.pack('v', 0) // disk number start
204		.pack('v', 0) // internal file attributes
205		.pack('V', 16) // external file attributes - 'directory' bit set
206		.pack('V', $this->offset) // relative offset of local header
207		.$dir;
208
209		$this->offset = strlen($this->zipdata);
210		$this->entries++;
211		}
212
213		// --------------------------------------------------------------------
214
215		/**
216		* Add Data to Zip
217		*
218		* Lets you add files to the archive. If the path is included
219		* in the filename it will be placed within a directory. Make
220		* sure you use add_dir() first to create the folder.
221		*
222		* @param mixed $filepath A single filepath or an array of file => data pairs
223		* @param string $data Single file contents
224		* @return void
225		*/
226		public function add_data($filepath, $data = NULL)
227		{
228		if (is_array($filepath))
229		{
230		foreach ($filepath as $path => $data)
231		{
232		$file_data = $this->_get_mod_time($path);
233		$this->_add_data($path, $data, $file_data['file_mtime'], $file_data['file_mdate']);
234		}
235		}
236		else
237		{
238		$file_data = $this->_get_mod_time($filepath);
239		$this->_add_data($filepath, $data, $file_data['file_mtime'], $file_data['file_mdate']);
240		}
241		}
242
243		// --------------------------------------------------------------------
244
245		/**
246		* Add Data to Zip
247		*
248		* @param string $filepath the file name/path
249		* @param string $data the data to be encoded
250		* @param int $file_mtime
251		* @param int $file_mdate
252		* @return void
253		*/
254		protected function _add_data($filepath, $data, $file_mtime, $file_mdate)
255		{
256		$filepath = str_replace('\\', '/', $filepath);
257
258		$uncompressed_size = strlen($data);
259		$crc32 = crc32($data);
260		$gzdata = substr(gzcompress($data, $this->compression_level), 2, -4);
261		$compressed_size = strlen($gzdata);
262
263		$this->zipdata .=
264		"\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00"
265		.pack('v', $file_mtime)
266		.pack('v', $file_mdate)
267		.pack('V', $crc32)
268		.pack('V', $compressed_size)
269		.pack('V', $uncompressed_size)
270		.pack('v', strlen($filepath)) // length of filename
271		.pack('v', 0) // extra field length
272		.$filepath
273		.$gzdata; // "file data" segment
274
275		$this->directory .=
276		"\x50\x4b\x01\x02\x00\x00\x14\x00\x00\x00\x08\x00"
277		.pack('v', $file_mtime)
278		.pack('v', $file_mdate)
279		.pack('V', $crc32)
280		.pack('V', $compressed_size)
281		.pack('V', $uncompressed_size)
282		.pack('v', strlen($filepath)) // length of filename
283		.pack('v', 0) // extra field length
284		.pack('v', 0) // file comment length
285		.pack('v', 0) // disk number start
286		.pack('v', 0) // internal file attributes
287		.pack('V', 32) // external file attributes - 'archive' bit set
288		.pack('V', $this->offset) // relative offset of local header
289		.$filepath;
290
291		$this->offset = strlen($this->zipdata);
292		$this->entries++;
293		$this->file_num++;
294		}
295
296		// --------------------------------------------------------------------
297
298		/**
299		* Read the contents of a file and add it to the zip
300		*
301		* @param string $path
302		* @param bool $archive_filepath
303		* @return bool
304		*/
305		public function read_file($path, $archive_filepath = FALSE)
306		{
307		if (file_exists($path) && FALSE !== ($data = file_get_contents($path)))
308		{
309		if (is_string($archive_filepath))
310		{
311		$name = str_replace('\\', '/', $archive_filepath);
312		}
313		else
314		{
315		$name = str_replace('\\', '/', $path);
316
317		if ($archive_filepath === FALSE)
318		{
319		$name = preg_replace('\|.*/(.+)\|', '\\1', $name);
320		}
321		}
322
323		$this->add_data($name, $data);
324		return TRUE;
325		}
326
327		return FALSE;
328		}
329
330		// ------------------------------------------------------------------------
331
332		/**
333		* Read a directory and add it to the zip.
334		*
335		* This function recursively reads a folder and everything it contains (including
336		* sub-folders) and creates a zip based on it. Whatever directory structure
337		* is in the original file path will be recreated in the zip file.
338		*
339		* @param string $path path to source directory
340		* @param bool $preserve_filepath
341		* @param string $root_path
342		* @return bool
343		*/
344		public function read_dir($path, $preserve_filepath = TRUE, $root_path = NULL)
345		{
346		$path = rtrim($path, '/\\').DIRECTORY_SEPARATOR;
347		if ( ! $fp = @opendir($path))
348		{
349		return FALSE;
350		}
351
352		// Set the original directory root for child dir's to use as relative
353		if ($root_path === NULL)
354		{
355		$root_path = str_replace(array('\\', '/'), DIRECTORY_SEPARATOR, dirname($path)).DIRECTORY_SEPARATOR;
356		}
357
358		while (FALSE !== ($file = readdir($fp)))
359		{
360		if ($file[0] === '.')
361		{
362		continue;
363		}
364
365		if (is_dir($path.$file))
366		{
367		$this->read_dir($path.$file.DIRECTORY_SEPARATOR, $preserve_filepath, $root_path);
368		}
369		elseif (FALSE !== ($data = file_get_contents($path.$file)))
370		{
371		$name = str_replace(array('\\', '/'), DIRECTORY_SEPARATOR, $path);
372		if ($preserve_filepath === FALSE)
373		{
374		$name = str_replace($root_path, '', $name);
375		}
376
377		$this->add_data($name.$file, $data);
378		}
379		}
380
381		closedir($fp);
382		return TRUE;
383		}
384
385		// --------------------------------------------------------------------
386
387		/**
388		* Get the Zip file
389		*
390		* @return string (binary encoded)
391		*/
392		public function get_zip()
393		{
394		// Is there any data to return?
395		if ($this->entries === 0)
396		{
397		return FALSE;
398		}
399
400		return $this->zipdata
401		.$this->directory."\x50\x4b\x05\x06\x00\x00\x00\x00"
402		.pack('v', $this->entries) // total # of entries "on this disk"
403		.pack('v', $this->entries) // total # of entries overall
404		.pack('V', strlen($this->directory)) // size of central dir
405		.pack('V', strlen($this->zipdata)) // offset to start of central dir
406		."\x00\x00"; // .zip file comment length
407		}
408
409		// --------------------------------------------------------------------
410
411		/**
412		* Write File to the specified directory
413		*
414		* Lets you write a file
415		*
416		* @param string $filepath the file name
417		* @return bool
418		*/
419	View Code Duplication	public function archive($filepath)
420		{
421		if ( ! ($fp = @fopen($filepath, 'w+b')))
422		{
423		return FALSE;
424		}
425
426		flock($fp, LOCK_EX);
427
428		for ($result = $written = 0, $data = $this->get_zip(), $length = strlen($data); $written < $length; $written += $result)
429		{
430		if (($result = fwrite($fp, substr($data, $written))) === FALSE)
431		{
432		break;
433		}
434		}
435
436		flock($fp, LOCK_UN);
437		fclose($fp);
438
439		return is_int($result);
440		}
441
442		// --------------------------------------------------------------------
443
444		/**
445		* Download
446		*
447		* @param string $filename the file name
448		* @return void
449		*/
450		public function download($filename = 'backup.zip')
451		{
452		if ( ! preg_match('\|.+?\.zip$\|', $filename))
453		{
454		$filename .= '.zip';
455		}
456
457		get_instance()->load->helper('download');
458		$get_zip = $this->get_zip();
459		$zip_content =& $get_zip;
460
461		force_download($filename, $zip_content);
		0 ignored issues – show Security Bug introduced 2016-02-16 16:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$zip_content` defined by `$get_zip` on line `459` can also be of type `false`; however, `force_download()` does only seem to accept `string`, did you maybe forget to handle an error condition? This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condtion. Consider the follow example <?php function getDate($date) { if ($date !== null) { return new DateTime($date); } return false; } This function either returns a new `DateTime` object or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned `false` before passing on the value to another function or method that may not be able to handle a `false`. Loading history...
462		}
463
464		// --------------------------------------------------------------------
465
466		/**
467		* Initialize Data
468		*
469		* Lets you clear current zip data. Useful if you need to create
470		* multiple zips with different data.
471		*
472		* @return CI_Zip
473		*/
474		public function clear_data()
475		{
476		$this->zipdata = '';
477		$this->directory = '';
478		$this->entries = 0;
479		$this->file_num = 0;
480		$this->offset = 0;
481		return $this;
482		}
483
484		}
485

ci-bonfire / Sprint

GitHub Access Token became invalid

Issues (423)

Security Analysis not enabled

system/libraries/Zip.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like