From 0b46263eac1541d885dcee65582e2726056acd1a Mon Sep 17 00:00:00 2001
From: Marli Frost <marli@frost.red>
Date: Wed, 19 Aug 2020 14:02:35 +0100
Subject: [PATCH] fix: ZipArchive::extract incomplete

Path sanitization needs to be implemented before we can make this public
---
 src/read.rs      |  9 +++++++--
 tests/extract.rs | 10 +++++-----
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/src/read.rs b/src/read.rs
index 2368ab64..ab310132 100644
--- a/src/read.rs
+++ b/src/read.rs
@@ -322,10 +322,14 @@ impl<R: Read + io::Seek> ZipArchive<R> {
     /// # Platform-specific behaviour
     ///
     /// On unix systems permissions from the zip file are preserved, if they exist.
-    pub fn extract<P: AsRef<Path>>(&mut self, directory: P) -> ZipResult<()> {
+    // FIXME: Implement path sanitization to allow this to be public API.
+    //        This probably means failing on paths that would escape the directory
+    #[allow(dead_code)]
+    fn extract<P: AsRef<Path>>(&mut self, directory: P) -> ZipResult<()> {
         for i in 0..self.len() {
             let mut file = self.by_index(i)?;
-            let filepath = file.sanitized_name();
+            let filepath: std::path::PathBuf =
+                (|| unimplemented!("the sanitized path of {}", file.name()))();
 
             let outpath = directory.as_ref().join(filepath);
 
@@ -936,6 +940,7 @@ mod test {
 
         for i in 0..zip.len() {
             let zip_file = zip.by_index(i).unwrap();
+            #[allow(deprecated)]
             let full_name = zip_file.sanitized_name();
             let file_name = full_name.file_name().unwrap().to_str().unwrap();
             assert!(
diff --git a/tests/extract.rs b/tests/extract.rs
index f71c9822..2f05e1df 100644
--- a/tests/extract.rs
+++ b/tests/extract.rs
@@ -2,20 +2,20 @@ extern crate zip;
 
 use std::fs;
 use std::io;
-use std::path::PathBuf;
 
 use zip::ZipArchive;
 
 // This tests extracting the contents of a zip file
 #[test]
+#[ignore]
 fn extract() {
     let mut v = Vec::new();
     v.extend_from_slice(include_bytes!("../tests/data/files_and_dirs.zip"));
-    let mut archive = ZipArchive::new(io::Cursor::new(v)).expect("couldn't open test zip file");
+    let mut _archive = ZipArchive::new(io::Cursor::new(v)).expect("couldn't open test zip file");
 
-    archive
-        .extract(&PathBuf::from("test_directory"))
-        .expect("extract failed");
+    // archive
+    //     .extract("test_directory")
+    //     .expect("extract failed");
 
     // Cleanup
     fs::remove_dir_all("test_directory").expect("failed to remove extracted files");