authorzeertzjq <zeertzjq@outlook.com>2025-03-13 08:47:02 +0800
committerGitHub <noreply@github.com>2025-03-13 08:47:02 +0800
commitb25527d20d9a5ae25f4a5e2d2d487e2eac731b2c (patch)
tree8c2ec01ac3ecdd5e840fac67767794865debb21c /test
parent90d1260cb84c917653987c0dfdfa150b617f5a0f (diff)
vim-patch:9.1.1198: [security]: potential data loss with zip.vim (#32867)
Problem: [security]: potential data loss with zip.vim and specially crafted zip files (RyotaK) Solution: use glob '[-]' to protect filenames starting with '-' Github Advisory: https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531 Co-authored-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'test')
-rw-r--r--test/old/testdir/samples/poc.zipbin0 -> 306 bytes
-rw-r--r--test/old/testdir/test_plugin_zip.vim23
2 files changed, 23 insertions, 0 deletions
diff --git a/test/old/testdir/samples/poc.zip b/test/old/testdir/samples/poc.zip
new file mode 100644
index 0000000000..8b2b44b96a
--- /dev/null
+++ b/test/old/testdir/samples/poc.zip
Binary files differ
diff --git a/test/old/testdir/test_plugin_zip.vim b/test/old/testdir/test_plugin_zip.vim
index a817d8371e..ba0a6778bc 100644
--- a/test/old/testdir/test_plugin_zip.vim
+++ b/test/old/testdir/test_plugin_zip.vim
@@ -235,3 +235,26 @@ func Test_zip_glob_fname()
bw
endfunc
+
+func Test_zip_fname_leading_hyphen()
+ CheckNotMSWindows
+
+ "## copy sample zip file
+ if !filecopy("samples/poc.zip", "X.zip")
+ call assert_report("Can't copy samples/poc.zip")
+ return
+ endif
+ defer delete("X.zip")
+ defer delete('-d', 'rf')
+ defer delete('/tmp/pwned', 'rf')
+
+ e X.zip
+
+ :1
+ let fname = '-d/tmp'
+ call search('\V' .. fname)
+ normal x
+ call assert_true(filereadable('-d/tmp'))
+ call assert_false(filereadable('/tmp/pwned'))
+ bw
+endfunc
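Review bot: The return value of `call search('\V' .. fname)` is discarded, so if the `-d/tmp` entry is not found in the listing the cursor stays on line 1 and `normal x` extracts whichever entry happens to be listed there; the two `filereadable()` assertions would then report on the wrong file and the regression could pass by accident. Pinning the match with `call assert_notequal(0, search('\V' .. fname))` makes the test fail loudly in that case. Separately, the `/tmp/pwned` path is fixed by the sample archive and shared with anything else on the host, so a stale file left by an interrupted earlier run would make `assert_false(filereadable('/tmp/pwned'))` fail before the deferred cleanup runs; a `call delete('/tmp/pwned', 'rf')` before `e X.zip` (or an `assert_false(filereadable('/tmp/pwned'))` at the top) would make the precondition explicit.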