phar_parse_zipfile() looks for the end of central directory (phar_zip_dir_end locator) by going from the file's beginning to the end, stopping at the first occurrence. Due to this, it may locate a sequence that looks like an EOCD but is not one. Instead, it should go from the end of the file or, at the very least, postpone the decision about the locator until the entire stream is traversed, and use the last occurrence (which is in accordance with the spec).
As of now, Phar is unable to open a ZIP archive that contains another ZIP archive inside, or a similar-looking file, and is not deflated.
# mkdir test
# cd test
# touch file
# zip 1.zip file
adding: file (stored 0%)
# zip 2.zip 1.zip
adding: 1.zip (stored 0%)
# php -r 'new PharData("1.zip"); echo "ok";'
# php -r 'new PharData("2.zip");'
PHP Fatal error: Uncaught UnexpectedValueException: phar error: corrupted central directory entry, no magic signature in zip-based phar "/tmp/test/2.zip" in Command line code:1
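Added example (not part of the original report and not PHP's code): a Python sketch that compares the forward, first-match EOCD search described above with a backward search, using constructed in-memory equivalents of 1.zip and 2.zip. The function names and the "comment must end at EOF" check are assumptions of this example.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"    # end of central directory record
CDH_SIG = b"PK\x01\x02"     # central directory file header
EOCD_FMT = "<4sHHHHIIH"     # fixed 22-byte part of the EOCD
EOCD_SIZE = struct.calcsize(EOCD_FMT)

def make_stored_zip(name, payload):
    """Constructed sample: in-memory ZIP with one stored (uncompressed) member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo(name, (2021, 1, 1, 0, 0, 0)), payload)
    return buf.getvalue()

def eocd_first(data):
    """Forward scan that stops at the first signature, as the report describes."""
    return data.find(EOCD_SIG)

def eocd_last(data):
    """Backward scan; accept a candidate only if its comment ends exactly at EOF."""
    pos = data.rfind(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_SIZE <= len(data):
            comment_len = struct.unpack_from(EOCD_FMT, data, pos)[7]
            if pos + EOCD_SIZE + comment_len == len(data):
                return pos
        pos = data.rfind(EOCD_SIG, 0, pos)
    return -1

def central_dir_ok(data, eocd_pos):
    """True if the EOCD's central directory offset lands on a CDH signature."""
    if eocd_pos < 0 or eocd_pos + EOCD_SIZE > len(data):
        return False
    cd_offset = struct.unpack_from(EOCD_FMT, data, eocd_pos)[6]
    return data[cd_offset:cd_offset + 4] == CDH_SIG

def compare(data):
    """Return (first_pos, first_ok, last_pos, last_ok) for one archive."""
    first, last = eocd_first(data), eocd_last(data)
    return first, central_dir_ok(data, first), last, central_dir_ok(data, last)

if __name__ == "__main__":
    inner = make_stored_zip("file", b"")       # stands in for 1.zip
    outer = make_stored_zip("1.zip", inner)    # stands in for 2.zip
    print("1.zip:", compare(inner))
    print("2.zip:", compare(outer))
```

For the nested archive the first match is the inner archive's EOCD, whose central directory offset is relative to the inner file and therefore does not land on a central directory header in the outer one; the last match does.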