From 88445219ec0690c126a8d55abff6c8900bbc9cb4 Mon Sep 17 00:00:00 2001
From: Mathijs van de Nes
Date: Sun, 12 Feb 2017 17:05:21 +0100
Subject: [PATCH] Only allow path::Component::Normal when extracting

Previously, Component::Root and Component::Prefix where still allowed. This meant some files could be extracted to a location outside the current directory. Only safe components are Normal and Curdir, but since Curdir does not do anything we filter it aswell.

Resolves #27
---
 examples/extract.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/examples/extract.rs b/examples/extract.rs
index 25cadb54..619235f0 100644
--- a/examples/extract.rs
+++ b/examples/extract.rs
@@ -89,7 +89,10 @@ fn sanitize_filename(filename: &str) -> std::path::PathBuf
 std::path::Path::new(no_null_filename)
 .components()
- .filter(|component| *component != std::path::Component::ParentDir)
+ .filter(|component| match *component {
+ std::path::Component::Normal(..) => true,
+ _ => false
+ })
 .fold(std::path::PathBuf::new(), |mut path, ref cur| {
 path.push(cur.as_os_str());
 path
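Review bot: The new `.filter(...)` on `.components()` silently drops every non-`Normal` component instead of rejecting the entry, so an absolute, prefixed or parent-relative archive name is remapped to a relative path that can collide with another entry's legitimate name. A name made only of such components folds to an empty `PathBuf`, because the fold is seeded with `std::path::PathBuf::new()`. I would document that on `sanitize_filename` with `// Keeps only Normal components: absolute, prefixed and parent-relative names are remapped under the extraction directory, not rejected.` and have the caller, which is not visible here, skip or report entries whose sanitized path is empty. Since the helper lives in `examples/extract.rs`, users of the library presumably do not get this check unless they copy it, which is worth stating in the crate docs. The body of `sanitize_filename` starts and ends outside this hunk.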