adelahmd / mollify

Automatically exported from code.google.com/p/mollify
0 stars 0 forks source link

Browse-able zip files #9

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
If a zip file is stored on the server mollify could allow the contents to be 
browse-able maybe even 
downloadable?

Original issue reported on code.google.com by gregory....@gmail.com on 21 Mar 2009 at 5:37

GoogleCodeExporter commented 9 years ago

Original comment by samuli.j...@gmail.com on 21 Mar 2009 at 5:38

GoogleCodeExporter commented 9 years ago
I bet this would be quite useful, and I'll try to see if this is doable (after 
1.0).

In-memory library for reading zip files would be the best, as writing temporary 
files
to server filesystem can be error prone, especially in permissions limited host 
services.

Original comment by samuli.j...@gmail.com on 23 Mar 2009 at 5:45

GoogleCodeExporter commented 9 years ago
It does seem doable, PHP has a zip library
(http://fi2.php.net/manual/en/book.zip.php) which provides a way to get zip 
contents,
and read them as well. So it would be possible to allow browsing zip files, and
download files in a zip package.

Original comment by samuli.j...@gmail.com on 23 Mar 2009 at 6:31

GoogleCodeExporter commented 9 years ago
What about unpacking zip files? (as well as other archives preferably).

Original comment by e.so...@gmail.com on 22 Jul 2010 at 6:03

GoogleCodeExporter commented 9 years ago
Yes, why not unpacking as well. I guess this would end up being some zip plugin 
that provides various zip operations (like browsing, unzipping etc).

If there is native support in PHP for other packages as well (like tar etc), 
this could be extended to a "compressed package plugin" instead of "zip 
plugin", but I'll start with zip anyway (when the time comes).

Original comment by samuli.j...@gmail.com on 23 Jul 2010 at 8:57

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
Maybe you can use this:
http://www.phpconcept.net/pclzip

Original comment by ianvanw...@gmail.com on 7 Jan 2011 at 6:48

GoogleCodeExporter commented 9 years ago
I actually think the unpacking of archives (ZIP, RAR, TAR, ect..) should not be 
allowed. This could allow the upload of blocked filetypes (malicious server 
scripts) to be uploaded in an archive then extracted and executed.

Please do not add this feature, or at least add a feature to scan archives 
before upload!

Original comment by fub...@gmail.com on 20 Jun 2011 at 7:59

GoogleCodeExporter commented 9 years ago
Actually unpacking has been done already, but of course this is something you 
have to enable.

I understand your concerns, but could you tell me how can you execute scripts 
that are extracted from an archive?

Of course you should protect published files so Apache won't give access to the 
files (there's the security wiki page for that), but apart from that I can't 
come up with a way to execute scripts. Mollify certainly doesn't have this 
feature, but if there's some error that makes it possible, I'll of course fix 
it.

Original comment by samuli.j...@gmail.com on 21 Jun 2011 at 6:28