Index: openacs-4/packages/file-storage/www/file-add.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/file-storage/www/file-add.tcl,v diff -u -r1.28.2.4 -r1.28.2.5 --- openacs-4/packages/file-storage/www/file-add.tcl 29 Dec 2021 17:38:20 -0000 1.28.2.4 +++ openacs-4/packages/file-storage/www/file-add.tcl 18 Feb 2022 12:56:48 -0000 1.28.2.5 @@ -173,15 +173,29 @@ ad_form -extend -form {} -select_query_name get_file -new_data { if { [string is true -strict $unpack_p] + && $unpack_binary ne "" && [file extension [template::util::file::get_property filename $upload_file]] eq ".zip" } { + set ok [util::file_content_check -type zip -file ${upload_file.tmpfile}] + if {!$ok} { + ad_complain "The uploaded file does not look like a zip file." + ad_script_abort + } + set path [ad_tmpnam] file mkdir $path + if {[catch { exec $unpack_binary -jd $path ${upload_file.tmpfile} } errMsg]} { + # + # Completely silently catching unzip errors (like it was + # before Feb 18, 2022) is NOT a good idea. Maybe, some zip + # variants produce output on stderr, so we have to check, + # before we are considering to abort here. + # + ns_log warning "unpacking the uploaded zip file lead to error: $errorMsg" + } - catch { exec $unpack_binary -jd $path ${upload_file.tmpfile} } errmsg - # More flexible parameter design could be: # zip {unzip -jd {out_path} {in_file}} tar {tar xf {in_file} {out_path}} tgz {tar xzf {in_file} {out_path}}
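Review bot: The added `ns_log warning` line reads `$errorMsg`, but the `catch` just above it stores the unzip output in `errMsg`; Tcl variable names are case-sensitive and these are two different names. Unless `errorMsg` is set somewhere outside this hunk, a failing unpack will raise "can't read errorMsg: no such variable" in the logging statement itself, so the request errors out and the real unzip message is never recorded. The line should be `ns_log warning "unpacking the uploaded zip file lead to error: $errMsg"`. Separately, after a logged failure the code still falls through and works with whatever was extracted into `$path`; once the stderr question raised in the comment is settled, consider stopping there, as the new `util::file_content_check` branch already does with `ad_script_abort`. The `-new_data` block continues beyond the end of this hunk, so how the extracted files are used afterwards is not visible here.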