Message 214093 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	r.david.murray
Recipients	docs@python, eric.araujo, peter@psantoro.net, pitrou, r.david.murray
Date	2014年03月19日.13:19:05
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1395235145.5.0.178866776252.issue20907@psf.upfronthosting.co.za>

Content
First step would be to get rid of the warning in the zipfile docs and replace it with the info that the absolute path '/' and any relative path are stripped silently before the file is extracted. It would also be worth adding an enhancement to zipfile to optionally not do it silently. I hope the same considerations apply to tarfile, but I haven't checked. In other words, I do think that code is a holdover from when zipfile wasn't safe, but since I didn't write it I don't know for sure.

Content

First step would be to get rid of the warning in the zipfile docs and replace it with the info that the absolute path '/' and any relative path are stripped silently before the file is extracted.
It would also be worth adding an enhancement to zipfile to optionally not do it silently.
I hope the same considerations apply to tarfile, but I haven't checked.
In other words, I do think that code is a holdover from when zipfile *wasn't* safe, but since I didn't write it I don't know for sure.

History
Date	User	Action	Args
2014年03月19日 13:19:05	r.david.murray	set	recipients: + r.david.murray, pitrou, eric.araujo, docs@python, peter@psantoro.net
2014年03月19日 13:19:05	r.david.murray	set	messageid: <1395235145.5.0.178866776252.issue20907@psf.upfronthosting.co.za>
2014年03月19日 13:19:05	r.david.murray	link	issue20907 messages
2014年03月19日 13:19:05	r.david.murray	create

homepage