Fix #81420: ZipArchive::extractTo extracts outside of destination

We need to properly detect and handle absolute paths in a portable way.
php · Sep 21, 2021 · df2ceac · df2ceac
1 parent 521bd7c
commit df2ceac
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 2 deletions.
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
@@ -106,8 +106,8 @@ static char * php_zip_make_relative_path(char *path, size_t path_len) /* {{{ */
 		return NULL;
 	}
 
-	if (IS_SLASH(path[0])) {
-		return path + 1;
+	if (IS_ABSOLUTE_PATH(path, path_len)) {
+		return path + COPY_WHEN_ABSOLUTE(path) + 1;
 	}
 
 	i = path_len;

diff --git a/ext/zip/tests/bug81420.phpt b/ext/zip/tests/bug81420.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #81420 (ZipArchive::extractTo extracts outside of destination)
+--SKIPIF--
+<?php
+if (!extension_loaded("zip")) die("skip zip extension not available");
+?>
+--FILE--
+<?php
+$zip = new ZipArchive();
+$zip->open(__DIR__ . "/bug81420.zip");
+$destination = __DIR__ . "/bug81420";
+mkdir($destination);
+$zip->extractTo($destination);
+var_dump(file_exists("$destination/nt1/zzr_noharm.php"));
+?>
+--CLEAN--
+<?php
+$destination = __DIR__ . "/bug81420";
+@unlink("$destination/nt1/zzr_noharm.php");
+@rmdir("$destination/nt1");
+@rmdir($destination);
+?>
+--EXPECT--
+bool(true)
diff --git a/ext/zip/tests/bug81420.zip b/ext/zip/tests/bug81420.zip