$file_data) { $filename_fixed = ereg_replace('[^a-zA-Z0-9_.-]', '', $filename); if($filename != $filename_fixed) { die("Invalid filename for tar archive"); } write_file("$tmpdir/$dirname/$filename", $file_data); } header("Content-type: application/x-gzip"); passthru("tar -C $tmpdir -czf - $dirname/"); foreach($files as $filename => $file_data) { unlink("$tmpdir/$dirname/$filename"); } rmdir("$tmpdir/$dirname"); }