1--TEST-- 2Bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories) 3--EXTENSIONS-- 4zip 5--FILE-- 6<?php 7 8$dir = __DIR__."/bug70350"; 9mkdir($dir); 10$archive = new ZipArchive(); 11$archive->open("$dir/a.zip",ZipArchive::CREATE); 12$archive->addEmptyDir("../down2/"); 13$archive->close(); 14 15$archive2 = new ZipArchive(); 16$archive2->open("$dir/a.zip"); 17$archive2->extractTo($dir); 18$archive2->close(); 19var_dump(file_exists("$dir/down2/")); 20var_dump(file_exists("../down2/")); 21?> 22--CLEAN-- 23<?php 24$dir = __DIR__."/bug70350"; 25rmdir("$dir/down2"); 26unlink("$dir/a.zip"); 27rmdir($dir); 28?> 29--EXPECT-- 30bool(true) 31bool(false) 32
