- Changed the visibility of
isValidPath(). Also, added a phpdoc to warn about subclassing and overriding this method. To re-iterate, the .zip file is untrusted input. We check for absolute path (i.e., leading slash), possible directory traversal attack (i.e., '..'), and use of PHP wrappers (i.e., ':'). - Added an optional
$continueOnErrorparameter to theextract()method. For backward compatibility, it defaults tofalse.