Message 173478 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	serhiy.storchaka
Recipients	amaury.forgeotdarc, serhiy.storchaka, zhigang
Date	2012-10-21.20:16:28
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1350850588.68.0.241826980062.issue10905@psf.upfronthosting.co.za>
In-reply-to

Content
Some comments to patch. + arcname = os.path.sep.join([x for x in arcname.split(os.path.sep) + if x != '..']) File names in zip archive should use '/' as separator, not os.path.sep. '../spam' will be not cleaned by this code. + while arcname[0] in (os.sep, os.altsep): + arcname = arcname[1:] It will not save from filenames containing drive letter: 'C:/Windows/python.exe'.

Some comments to patch.

+        arcname = os.path.sep.join([x for x in arcname.split(os.path.sep)
+                                    if x != '..'])

File names in zip archive should use '/' as separator, not os.path.sep. '../spam' will be not cleaned by this code.

+        while arcname[0] in (os.sep, os.altsep):
+            arcname = arcname[1:]

It will not save from filenames containing drive letter: 'C:/Windows/python.exe'.

History
Date	User	Action	Args
2012-10-21 20:16:28	serhiy.storchaka	set	recipients: + serhiy.storchaka, amaury.forgeotdarc, zhigang
2012-10-21 20:16:28	serhiy.storchaka	set	messageid: <1350850588.68.0.241826980062.issue10905@psf.upfronthosting.co.za>
2012-10-21 20:16:28	serhiy.storchaka	link	issue10905 messages
2012-10-21 20:16:28	serhiy.storchaka	create