Message 173478 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	serhiy.storchaka
Recipients	amaury.forgeotdarc, serhiy.storchaka, zhigang
Date	2012年10月21日.20:16:28
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1350850588.68.0.241826980062.issue10905@psf.upfronthosting.co.za>

Content
Some comments to patch. + arcname = os.path.sep.join([x for x in arcname.split(os.path.sep) + if x != '..']) File names in zip archive should use '/' as separator, not os.path.sep. '../spam' will be not cleaned by this code. + while arcname[0] in (os.sep, os.altsep): + arcname = arcname[1:] It will not save from filenames containing drive letter: 'C:/Windows/python.exe'.

Content

Some comments to patch.
+ arcname = os.path.sep.join([x for x in arcname.split(os.path.sep)
+ if x != '..'])
File names in zip archive should use '/' as separator, not os.path.sep. '../spam' will be not cleaned by this code.
+ while arcname[0] in (os.sep, os.altsep):
+ arcname = arcname[1:]
It will not save from filenames containing drive letter: 'C:/Windows/python.exe'.

History
Date	User	Action	Args
2012年10月21日 20:16:28	serhiy.storchaka	set	recipients: + serhiy.storchaka, amaury.forgeotdarc, zhigang
2012年10月21日 20:16:28	serhiy.storchaka	set	messageid: <1350850588.68.0.241826980062.issue10905@psf.upfronthosting.co.za>
2012年10月21日 20:16:28	serhiy.storchaka	link	issue10905 messages
2012年10月21日 20:16:28	serhiy.storchaka	create

homepage