    libarchive: Skip files with symlinks in parents · e970f496
    Ondrej Holy authored and Paolo Bacchilega committed
    Currently, it is still possible that some files are extracted outside of
    the destination dir in case of malicious archives. The checks from commit
    21dfcdbf can still be bypassed in certain cases. See #108
    for more details. After some investigation, I am convinced that it would be
    best to simply disallow symlinks in parents. For example, `tar` fails to
    extract such files with the `ENOTDIR` error. Let's do the same here.
    
    Fixes: #108