From 932afd439067a3c5bb3e2a1fb35aa0e1882a5f4c Mon Sep 17 00:00:00 2001
From: Michiel Rook
Date: Wed, 2 Jan 2019 22:44:59 +0100
Subject: [PATCH] Also detect malicious paths on Windows
---
 Archive/Tar.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Archive/Tar.php b/Archive/Tar.php
index efa394a..68bdffe 100644
--- a/Archive/Tar.php
+++ b/Archive/Tar.php
@@ -1770,10 +1770,10 @@ private function _maliciousFilename($file)
 if (strpos($file, 'phar://') === 0) {
 return true;
 }
- if (strpos($file, '/../') !== false) {
+ if (strpos($file, DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR) !== false) {
 return true;
 }
- if (strpos($file, '../') === 0) {
+ if (strpos($file, '..' . DIRECTORY_SEPARATOR) === 0) {
 return true;
 }
 return false;
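Review bot: On Windows, where DIRECTORY_SEPARATOR is a backslash, the two rewritten `strpos` checks now match only `\..\` and a leading `..\`, so they stop flagging the forward-slash forms `/../` and `../` that the old code caught. Tar entry names normally use forward slashes and Windows accepts both separators, so the change appears to trade one gap for another on that platform, and mixed forms such as `a/..\b` are missed there too. Checking both separators avoids this: normalise once with `$file = str_replace('\\', '/', $file);` and keep the original `'/../'` and `'../'` literals. A name that is exactly `..` or ends in `/..` also passes both tests, which is worth covering in the same place. The body of `_maliciousFilename` starts and ends outside this hunk, so any normalisation done earlier in the function is not visible here.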