Security Class Interface
The Security class provides system-level safety checks, including automated scanning of uploaded packages for malicious or dangerous patterns. It is used during the installation of themes and modules to prevent data breaches or unauthorized code execution.
Method Overview
scanZip()
Scans the contents of a ZIP file for dangerous PHP or JavaScript patterns.
Syntax:
public static function scanZip(string $zipPath) : array
Parameters:
$zipPath (string): The absolute path to the local ZIP file.
Returns:
array: An array with status (bool) and errors (array).
Example Usage in a Module:
$result = Security::scanZip('/path/to/upload.zip');
if ($result['status'] === false) {
    foreach ($result['errors'] as $err) {
        echo $err . "\n";
    }
}
Internal Patterns
The class scans for the following suspicious content:
- PHP Patterns: eval(), passthru(), shell_exec(), system(), and other execution-related functions.
- JavaScript Patterns: atob(), String.fromCharCode(), and potential obfuscation.
- Obfuscation Check: Detects if a file's content has a disproportionately low ratio of alphanumeric characters.
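The following is an added sketch of how checks like these can be applied to each entry of an archive; it is not the Security class's own source. The names sketchScanZip(), scanContent() and alnumRatio() and the 0.5 ratio threshold are assumptions, and only the listed function names come from this page.

```php
<?php
// Added sketch, not the Security class's source; names and threshold are assumed.
const PHP_CALLS = '/\b(eval|passthru|shell_exec|system)\s*\(/i';
const JS_CALLS = '/\batob\s*\(|String\.fromCharCode\s*\(/';
const MIN_ALNUM_RATIO = 0.5; // assumed threshold for the obfuscation check

function alnumRatio(string $content): float
{
    $len = strlen($content);
    return $len === 0 ? 1.0 : preg_match_all('/[A-Za-z0-9]/', $content) / $len;
}

function scanContent(string $name, string $content): array
{
    $errors = [];
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($ext === 'php' && preg_match(PHP_CALLS, $content, $m)) {
        $errors[] = "$name: PHP execution function {$m[1]}()";
    }
    if ($ext === 'js' && preg_match(JS_CALLS, $content)) {
        $errors[] = "$name: JavaScript decoding call";
    }
    if (in_array($ext, ['php', 'js'], true) && alnumRatio($content) < MIN_ALNUM_RATIO) {
        $errors[] = "$name: low alphanumeric ratio, possible obfuscation";
    }
    return $errors;
}

function sketchScanZip(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return ['status' => false, 'errors' => ["Cannot open $zipPath"]];
    }
    $errors = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $body = $zip->getFromIndex($i); // false if the entry cannot be read
        $errors = array_merge($errors, scanContent($zip->getNameIndex($i), (string) $body));
    }
    $zip->close();
    return ['status' => $errors === [], 'errors' => $errors];
}
// Constructed sample archive: one clean file, one calling eval().
$tmp = tempnam(sys_get_temp_dir(), 'zip');
$z = new ZipArchive();
$z->open($tmp, ZipArchive::OVERWRITE);
$z->addFromString('theme/ok.php', "<?php echo 'hello';");
$z->addFromString('theme/bad.php', '<?php eval($code);');
$z->close();
print_r(sketchScanZip($tmp));
unlink($tmp);
```

Pattern matching of this kind is a coarse filter: legitimate code can call these functions, so a hit is grounds for review of the package rather than proof of malice.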