We would like to protect our zip files by registering the user into the installer at download time.
Is there any place in a zipped package where a script could add such hidden info?
The note field is not good as most zip software displays it.
A zip archiver will read a zip file from the end and find entries using offsets. If you put bytes at the beginning of the zip file (and make sure the offsets are still correct !), you will get a valid zip file and I doubt archivers will show the additional content. That's how self-extracting zip files work: the file starts with the unzip exe and ends with the actual zip content.
In your case, you could prepare archives with a fixed-length blob at the beginning and overwrite it when a user download it.
Note that won't "protect" the zip file, just mark the zip file as downloaded by a given user (and the mark can be removed easily).
Related
The user uploads a .tar.gz archive and I need to validate if the archive contains a certain file (I just need to check the filename, nothing else).
I know I can open the file using \PharData however it seems that it loads the entire archive into memory. Since the archive is a backup and can easily be bigger than memory_limit, I can't use this.
How can I do the validation without loading the whole file to memory? In case it is impossible to do in PHP (as I suspect), how can I do it in bash? Again without loading the entire file to memory at once and also without actually unpacking the archive.
you just can use bash command for that:
tar -t - show list of files
I want to create file sharing platform but php has some bug about it.I just use fread to get text of any file (exe,pdf,docx,ppt and etc) then I create text file with random name and with .txt extension.So when user want to download this file ,I create random folder and inside of that folder I create file which has same text that user want to download , and then I give extension which is same as user uploaded version of file and force user to download it.
But when user download file,for example zip file and then if user wants to open , it says failed to open because not supported format.This happens when I try to do this with docx,pdfs,zips and that kind of files (not txt,html,css,c files).
Example : I force the user to download with same extension that he uploaded, for example if user uploaded zip file,I read the text with fread then save this text in the db or text file,and then if user wants to download that file, I just create file and give it zip extension, then force the user to download it,but once user upload this file then if user want to open it fails, but it should open zip file because content text of this file is exact same as user uploaded to the server
Answer should contain:
1)Why this happens?How to fix it?
2)What is the ideal solution?
3)is it safe to do this?
This happens, because windows knows the app to open file file just from the extension. If you rename the file to something.txt, then the editor always wants to open it.
There's no such thing as an ideal solution. A soltution would be to store the file with the original name (maybe at some unique part to prevent duplicates) in a non public readable directory without execution bit set. To access the file, you could create a proxy script, which returns the file and appens a should download header (and maybe the original filename).
Its as safe, as you implement it. Your current solution could be safe, the solution I posted could be safe - but without knowing the details, how you implemented it, nobody knows, if it is actually safe.
It happens because you are opening binary files like a zip file and storing it in a text file then streaming it with the zip extension again.
The ideal solution would be to use one of the 1 million open source file managers out there with proven records and big developer communities. But if for some reason you want to build your own, save the files in a safe folder outside your public folder. store the path in a database of choice together with the public path you will show your users. Upon request use the public path to map to the private path and start the download yourself.
Is as safe as you make it, but nothing is 100% safe so if you are storing sensitive data use something that is well build and documented
Our application overwrites an already existing ZIP file.
The zip file is downloadable, for ZIP creation we use PHP ZipArchive.
Now the question:
Do I have to create a TMP ZIP file and rename it to the desired downloadable filename to have an atomic operation and all time access to a valid ZIP file, or is the ZIP creation process of ZipArchive already atomic?
Edit:
After testing it with multiple addFile calls, separated with a sleep, it seems like that the file is created / overwritten on the final close call. But the question remains, is the final ZIP file creation atomic?
After testing it with a huge directory structure (the zip creation needed ~ 10seconds), and a "watch -n 0.1 unzip -t foo.zip" on the resulting ZIP file, it seems like that the ZIP file creation is atomic.
At least I got no errors while testing the ZIP file.
I have 16631 files hosted in a webserver, 2719 of them are text files that contains a list of specific files located on the server.
Using PHP, is possible to create a ZIP for each text file?
could be the text file name as ZIP file name?
I want to keep the same directory structure in the ZIP file.
Thanks in advance.
Taking the suggestion from Jeff Hines, you could use the ZipArchive class to create the zip.
In Pseudo code
Get List of Text Files in your folder
Read Text file and get list of files to add to zip
Using ZipArchive add each listed file to your new zip file.
Write flag to specify you've done this file.
You might need to run it on 10 files at a time since it may time out.
This may be a simple question or a pretty complex one, ill let you be the deciders.
Using PHP To open a zip file, extract the files to a directory and close the zip file is not a complicated class to make.
But lets say that the file is not a zip, but yet is able to be read by WinRar, examples of these files are like exe's SFX archives etc.
What factors do all these files have in conmen to allow WinRar to browse the source of them.
Another example is Anti Virus Software, that individually scan files within an EXE ?
So what an example:
$handle = fopen("an_unknown_file.abc", "rb");
while (!feof($handle))
{
//What generic code could I use to determain weather the file can be extracted ?
}
fclose($handle);
Regards.
Zip's specifications allow the actual "zip" file portion to be embedded ANYWHERE within a file. It doesn't necessarily have to start at position '0' in the file. This is how self-extracting zips work. It's a small .exe stub program which has a larger .zip file appended to the end of it.
Finding a zip is mostly a matter of scanning for a zip file's "magic number" within a file, then doing a few heuristics to determine if it's really a zip file, or just something random that happens to contain a zip's magic number.
A .docx file is really just a .zip that contains various XML files representing a Word file's contents. Just like a .jar is a zip file that contains various different chunks of Java code.
Winrar's got a bunch of extra code within it to scan through a file and look for any identifiable "this is a compress archive" type signatures, one of which happens to be that of a zip file's.
There's nothing too magical about it. It's just a matter of scanning through a file and looking for signatures.
Not sure what exactly is your question, but I think you are confusing something here... File extension can be described as just a convenient way for humans and computers to relate file extensions to the type of the file/programs that work with them. WinRar (or any other program) reads what the file contains and if it can understand it - it works with it. The only important thing is that the file format (data in the file) is valid and that the program you are using can work with this file format.
So, if a file is in any format that WinRar can work with (.rar, .zip, .gz, etc.), it's extension could be .txt or .whatever and WinRar will still be able to work with it. Extension is just for convenience.