fix issue #39

tests/PhpZip/ZipSlipVulnerabilityTest.php

@@ -0,0 +1,41 @@
+<?php
+
+namespace PhpZip;
+
+/**
+ * Class ZipSlipVulnerabilityTest
+ *
+ * @package PhpZip
+ * @see https://github.com/Ne-Lexa/php-zip/issues/39 Issue#31
+ * @see https://snyk.io/research/zip-slip-vulnerability Zip Slip Vulnerability
+ */
+class ZipSlipVulnerabilityTest extends ZipTestCase
+{
+    /**
+     * @throws Exception\ZipException
+     */
+    public function testCreateSlipVulnerabilityFile()
+    {
+        $localFile = '../dir/./../../file.txt';
+        $zipFile = new ZipFile();
+        $zipFile->addFromString($localFile, 'contents');
+        self::assertContains($localFile, $zipFile->getListFiles());
+        $zipFile->close();
+    }
+
+    /**
+     * @throws Exception\ZipException
+     */
+    public function testUnpack()
+    {
+        $this->assertTrue(mkdir($this->outputDirname, 0755, true));
+
+        $zipFile = new ZipFile();
+        $zipFile->addFromString('../dir/./../../file.txt', 'contents');
+        $zipFile->extractTo($this->outputDirname);
+        $zipFile->close();
+
+        $expectedExtractedFile = $this->outputDirname . '/dir/file.txt';
+        self::assertTrue(is_file($expectedExtractedFile));
+    }
+}