Message 157778 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	serhiy.storchaka
Recipients	amaury.forgeotdarc, gregory.p.smith, ned.deily, r.david.murray, schmir, serhiy.storchaka, twb
Date	2012年04月08日.06:56:47
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1333868208.35.0.161512154373.issue6972@psf.upfronthosting.co.za>

Content
> + # make sure the zip file isn't traversing out of the path > + if not targetpath.startswith(basepath): Check is insufficient. basepath='/etc/asd', member.filename='../asdfgh'. The issue10905 has relations with this issue. P. S. Viewing patches in this issue is not working.

Content

> + # make sure the zip file isn't traversing out of the path
> + if not targetpath.startswith(basepath):
Check is insufficient. basepath='/etc/asd', member.filename='../asdfgh'.
The issue10905 has relations with this issue.
P. S. Viewing patches in this issue is not working.

History
Date	User	Action	Args
2012年04月08日 06:56:48	serhiy.storchaka	set	recipients: + serhiy.storchaka, gregory.p.smith, amaury.forgeotdarc, schmir, ned.deily, r.david.murray, twb
2012年04月08日 06:56:48	serhiy.storchaka	set	messageid: <1333868208.35.0.161512154373.issue6972@psf.upfronthosting.co.za>
2012年04月08日 06:56:47	serhiy.storchaka	link	issue6972 messages
2012年04月08日 06:56:47	serhiy.storchaka	create

homepage