Fix #315 and resolve relative path vulnerability

Author: simonoff

lib/zip/entry.rb

@@ -150,6 +150,11 @@ def next_header_offset #:nodoc:all
     def extract(dest_path = @name, &block)
       block ||= proc { ::Zip.on_exists_proc }
 
+      if @name.squeeze('/') =~ /\.{2}(?:\/|\z)/
+        puts "WARNING: skipped \"../\" path component(s) in #{@name}"
+        return self
+      end
+
       if directory? || file? || symlink?
         __send__("create_#{@ftype}", dest_path, &block)
       else