Merge pull request #6193 from rolandwalker/double_dot_is_relative

protect against inner ".." in uninstall paths

lib/cask/artifact/uninstall_base.rb

@@ -15,9 +15,9 @@ def self.expand_path_strings(path_strings)
   end
 
   def self.remove_relative_path_strings(action, path_strings)
-    relative = path_strings.reject do |path_string|
-      %r{\A/}.match(path_string)
-    end
+    relative = path_strings.map do |path_string|
+      path_string if %r{/\.\.(?:/|\Z)}.match(path_string) or ! %r{\A/}.match(path_string)
+    end.compact
     relative.each do |path_string|
       opoo %Q{Skipping #{action} for relative path #{path_string}}
     end

test/support/Casks/with-installable.rb

@@ -10,5 +10,6 @@ class WithInstallable < TestCask
                         '/permissible/absolute/path',
                         '~/impermissible/path/with/tilde',
                         'impermissible/relative/path',
+                        '/another/impermissible/../relative/path',
                        ]
 end