brendan-duncan/archive

extractArchiveToDisk() and extractFileToDisk() should not create/overwrite files outside outputPath


When a malicious zip file (containing a file with a filename like `../../../tmp/abc`, say) is passed into the functions `extractArchiveToDisk()` or `extractFileToDisk()`, the functions will write to files outside the given output path.

When used as part of a program, this could cause remote code execution, since a malicious user could overwrite a file like `/home/user/.bashrc` and execute arbitrary code whenever the bash shell executes.
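The containment check the report implies both functions should perform before writing each entry, as an added illustration (not the archive package's own code): the output directory and the sample entry names, including the `../../../tmp/abc` pattern from the issue, are constructed here.

```python
import os
import posixpath

# Added illustration, not the archive package's own code: a containment check
# an extraction routine should run before writing each entry to disk.


def is_safe_entry_path(output_dir: str, entry_name: str) -> bool:
    """Return True only if entry_name, joined to output_dir, stays inside output_dir."""
    # Zip entry names use '/' separators; normalise them before joining.
    normalized = posixpath.normpath(entry_name.replace("\\", "/"))
    # Reject absolute entry names outright: they ignore output_dir entirely.
    if normalized.startswith("/") or os.path.isabs(normalized):
        return False
    base = os.path.abspath(output_dir)
    target = os.path.abspath(os.path.join(base, *normalized.split("/")))
    # The target must be the base itself or a path strictly beneath it.
    return target == base or target.startswith(base + os.sep)


def resolve_entry_path(output_dir: str, entry_name: str) -> str:
    """Return the on-disk path for entry_name, or raise if it escapes output_dir."""
    if not is_safe_entry_path(output_dir, entry_name):
        raise ValueError(f"refusing to extract entry outside output directory: {entry_name!r}")
    normalized = posixpath.normpath(entry_name.replace("\\", "/"))
    return os.path.abspath(os.path.join(os.path.abspath(output_dir), *normalized.split("/")))


def partition_entries(output_dir, entry_names):
    """Split entry names into (safe, rejected) lists, e.g. for logging rejected ones."""
    safe, rejected = [], []
    for name in entry_names:
        (safe if is_safe_entry_path(output_dir, name) else rejected).append(name)
    return safe, rejected


# Constructed sample entry names, including the traversal pattern from the report.
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "a/../b.txt",          # normalises to b.txt, still inside the output directory
    "../../../tmp/abc",    # the traversal case from the issue
    "/home/user/.bashrc",  # absolute entry name
    "..",
]

if __name__ == "__main__":
    safe, rejected = partition_entries("/srv/extract", SAMPLE_ENTRIES)
    print("safe:", safe)
    print("rejected:", rejected)
```

This covers escapes through the entry name itself, which is the case the report describes; the check must run on every entry, for both functions, before any file is created or overwritten.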