Message 157778 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	serhiy.storchaka
Recipients	amaury.forgeotdarc, gregory.p.smith, ned.deily, r.david.murray, schmir, serhiy.storchaka, twb
Date	2012-04-08.06:56:47
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1333868208.35.0.161512154373.issue6972@psf.upfronthosting.co.za>
In-reply-to

Content
> + # make sure the zip file isn't traversing out of the path > + if not targetpath.startswith(basepath): Check is insufficient. basepath='/etc/asd', member.filename='../asdfgh'. The issue10905 has relations with this issue. P. S. Viewing patches in this issue is not working.

> +        # make sure the zip file isn't traversing out of the path
> +        if not targetpath.startswith(basepath):

Check is insufficient. basepath='/etc/asd', member.filename='../asdfgh'.

The issue10905 has relations with this issue.

P. S. Viewing patches in this issue is not working.

History
Date	User	Action	Args
2012-04-08 06:56:48	serhiy.storchaka	set	recipients: + serhiy.storchaka, gregory.p.smith, amaury.forgeotdarc, schmir, ned.deily, r.david.murray, twb
2012-04-08 06:56:48	serhiy.storchaka	set	messageid: <1333868208.35.0.161512154373.issue6972@psf.upfronthosting.co.za>
2012-04-08 06:56:47	serhiy.storchaka	link	issue6972 messages
2012-04-08 06:56:47	serhiy.storchaka	create