Patching Zip Traversal within pclzip

Refs https://snoopysecurity.github.io/application-security/2020/03/01/10_patching_zip_traversal_pclzip.html

pclzip.lib.php

@@ -3513,6 +3513,12 @@ public function privExtractFile(&$p_entry, $p_path, $p_remove_path, $p_remove_al
             }
         }
 
+        // Patch for Zip Traversal vulnerability
+        if (strpos($p_entry['stored_filename'], '../') !== false || strpos($p_entry['stored_filename'], '..\\') !== false) {
+            $p_entry['stored_filename'] = basename($p_entry['stored_filename']);
+            $p_entry['filename'] = basename($p_entry['stored_filename']);
+        }
+
         // ----- Add the path
         if ($p_path != '') {
             $p_entry['filename'] = $p_path . "/" . $p_entry['filename'];