Also detect malicious paths on Windows

pear · Jan 2, 2019 · 932afd4 · 932afd4
1 parent 63b5f9f
commit 932afd4
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/Archive/Tar.php b/Archive/Tar.php
@@ -1770,10 +1770,10 @@ private function _maliciousFilename($file)
         if (strpos($file, 'phar://') === 0) {
             return true;
         }
-        if (strpos($file, '/../') !== false) {
+        if (strpos($file, DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR) !== false) {
             return true;
         }
-        if (strpos($file, '../') === 0) {
+        if (strpos($file, '..' . DIRECTORY_SEPARATOR) === 0) {
             return true;
         }
         return false;