@cmb69

cmb69/.patch Secret

Created September 6, 2021 15:46
Suggested fix for PHP bug #81420
From 4db35baad4657ababb20e95c3e3c076953e0c261 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Mon, 6 Sep 2021 17:42:46 +0200
Subject: [PATCH] Fix #81420: ZipArchive::extractTo extracts outside of
destination
We need to properly detect and handle absolute paths in a portable way.
---
ext/zip/php_zip.c | 4 ++--
ext/zip/tests/bug81420.phpt | 24 ++++++++++++++++++++++++
ext/zip/tests/bug81420.zip | Bin 0 -> 218 bytes
3 files changed, 26 insertions(+), 2 deletions(-)
create mode 100644 ext/zip/tests/bug81420.phpt
create mode 100644 ext/zip/tests/bug81420.zip
diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c
index 2a2577de22..57aa4df34f 100644
--- a/ext/zip/php_zip.c
+++ b/ext/zip/php_zip.c
@@ -102,8 +102,8 @@ static char * php_zip_make_relative_path(char *path, size_t path_len) /* {{{ */
return NULL;
}
- if (IS_SLASH(path[0])) {
- return path + 1;
+ if (IS_ABSOLUTE_PATH(path, path_len)) {
+ return path + COPY_WHEN_ABSOLUTE(path) + 1;
}
i = path_len;
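Review bot: In the new branch, `return path + COPY_WHEN_ABSOLUTE(path) + 1;` advances the pointer by a macro-dependent offset plus one, but nothing visible in this hunk confirms that path_len is larger than that offset, so a path consisting only of the absolute prefix could yield a pointer at or past the terminator. Consider comparing the offset against path_len before returning, and returning NULL as the check above does when it is too short. A short comment stating what the `+ 1` skips would help, as would confirming that every input the removed `IS_SLASH(path[0])` test used to strip is still matched by `IS_ABSOLUTE_PATH` on each platform, since a leading-slash entry that falls through would keep its slash.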
diff --git a/ext/zip/tests/bug81420.phpt b/ext/zip/tests/bug81420.phpt
new file mode 100644
index 0000000000..9eec0ee7e9
--- /dev/null
+++ b/ext/zip/tests/bug81420.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Bug #81420 (ZipArchive::extractTo extracts outside of destination)
+--SKIPIF--
+<?php
+if (!extension_loaded("zip")) die("skip zip extension not available");
+?>
+--FILE--
+<?php
+$zip = new ZipArchive();
+$zip->open(__DIR__ . "/bug81420.zip");
+$destination = __DIR__ . "/bug81420";
+mkdir($destination);
+$zip->extractTo($destination);
+var_dump(file_exists("$destination/nt1/zzr_noharm.php"));
+?>
+--CLEAN--
+<?php
+$destination = __DIR__ . "/bug81420";
+@unlink("$destination/nt1/zzr_noharm.php");
+@rmdir("$destination/nt1");
+@rmdir($destination);
+?>
+--EXPECT--
+bool(true)
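Review bot: In the --FILE-- section, the results of `$zip->open(...)`, `mkdir($destination)` and `$zip->extractTo($destination)` are never checked, so a failure to open or extract the fixture shows up only as `bool(false)` and cannot be told apart from the regression itself. Dumping those return values would make a failing run diagnosable. The test also looks only inside $destination; since the bug is about writing outside it, asserting that the entry's original target does not exist, and removing it in --CLEAN--, would keep a regression from leaving a stray file behind.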
diff --git a/ext/zip/tests/bug81420.zip b/ext/zip/tests/bug81420.zip
new file mode 100644
index 0000000000000000000000000000000000000000..2e9686cb98ab15e5703d48bf52c4b9982b7bb05d
GIT binary patch
literal 218
zcmWIWW@Zs#U|`^2n7vFnxPkd=j|Pxu1jJ%Mtgol1pI2h2UsY8UpO>GJSd^<*kWp}Y
z?HTVgzGrpTt<vf`fBL+K&Z(=~Co}>!Yz=<!^wRaqm(Ob(UU8qw%n;zs$Rxsm%XAf>
w`5>SGCUM!t1(j!HkYET}w`}&I1=ks$?*BU(nGWz~Wdj+)2!t6xItFYa0HHoW;{X5v
literal 0
HcmV?d00001
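Review bot: The fixture bug81420.zip is added as an opaque 218-byte binary, and neither the commit message nor the test states which entry name it stores; the only hint is the expected path `nt1/zzr_noharm.php` in the .phpt. Please document the stored entry name and how the archive was produced in a comment in bug81420.phpt, or build the archive inside the test if that is possible, so reviewers can verify which absolute-path form is being exercised.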
--
2.33.0.windows.1