Use new tarfile.extractall() filter for safer tarfile extraction

The tarfile.extractall() filter argument was introduced in the most
recent CPython releases (e.g., 3.11.4) to avoid potential security
issues when extracting from potentially hostile tarballs.  Let's use
this option if it is available and provide a warning if it is not.
Scott Talbert
2023-08-03 16:25:07 -04:00
parent 82b9b5b542
commit e5c92b3056
2 changed files with 12 additions and 2 deletions


@@ -33,6 +33,7 @@ import os
import subprocess
import webbrowser
import tarfile
import warnings
if sys.version_info >= (3,):
from urllib.error import HTTPError
import urllib.request as urllib2
@@ -84,7 +85,11 @@ def unpack_cached(cached, dest_dir):
""" Unpack from the cache."""
print('Unpack', cached, 'to', dest_dir)
with tarfile.open(cached, "r:*") as tf:
tf.extractall(dest_dir)
try:
tf.extractall(dest_dir, filter='data')
except TypeError:
warnings.warn('Falling back to less safe tarfile.extractall')
tf.extractall(dest_dir)
dest_dir = os.listdir(dest_dir)[0]
return dest_dir
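Review bot: The `except TypeError:` around `tf.extractall(dest_dir, filter='data')` catches every TypeError raised while extracting, not only the one an older interpreter raises for the unknown `filter` keyword, so an unrelated failure partway through would rerun the whole archive through the unfiltered call with only a warning. The tarfile documentation describes feature detection for this case: replace `try:` with `if hasattr(tarfile, 'data_filter'):` and `except TypeError:` with `else:`, keeping the two bodies as they are. On interpreters without filter support the fallback still extracts with no member checks, so a comment there such as `# no filter support: member paths are not checked against dest_dir` would keep that residual risk visible to the next reader. unpack_cached begins above the hunk, so how `cached` is obtained is not visible here.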