From 6216a96ff8958ed36e973f5f23eaa1840db4dfef Mon Sep 17 00:00:00 2001
From: Husky <2466896229@qq.com>
Date: Thu, 24 Mar 2022 15:51:40 +0800
Subject: [PATCH] issue #I4ZDQI

---
 .../src/main/java/cn/hutool/core/compress/ZipReader.java     | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hutool-core/src/main/java/cn/hutool/core/compress/ZipReader.java b/hutool-core/src/main/java/cn/hutool/core/compress/ZipReader.java
index 824a8328d..29b09746c 100755
--- a/hutool-core/src/main/java/cn/hutool/core/compress/ZipReader.java
+++ b/hutool-core/src/main/java/cn/hutool/core/compress/ZipReader.java
@@ -4,6 +4,7 @@ import cn.hutool.core.io.FileUtil;
 import cn.hutool.core.io.IORuntimeException;
 import cn.hutool.core.io.IoUtil;
 import cn.hutool.core.lang.Filter;
+import cn.hutool.core.util.StrUtil;
 import cn.hutool.core.util.ZipUtil;
 
 import java.io.Closeable;
@@ -142,8 +143,10 @@ public class ZipReader implements Closeable {
 	public File readTo(File outFile, Filter<ZipEntry> entryFilter) throws IORuntimeException {
 		read((zipEntry) -> {
 			if (null == entryFilter || entryFilter.accept(zipEntry)) {
+				//gitee issue #I4ZDQI
+				String replace = StrUtil.replace(zipEntry.getName(), "*", "_");
 				// FileUtil.file会检查slip漏洞，漏洞说明见http://blog.nsfocus.net/zip-slip-2/
-				final File outItemFile = FileUtil.file(outFile, zipEntry.getName());
+				final File outItemFile = FileUtil.file(outFile, replace);
 				if (zipEntry.isDirectory()) {
 					// 目录
 					//noinspection ResultOfMethodCallIgnored