Message369971
> It is not obvious to me that zipfile._extract_member() together with
> (for windows) zipfile._sanitize_windows_name() have handled everything
> that could happen.
What hasn't been handled then?
What is the safe way to use it?
I think documenting "this function is unsafe" without suggesting a replacement or a safe way to use it isn't very constructive: as a developer, I want to extract a zip archive, but the only function supposed to do the job tells me "this is unsafe". Ok, so what am I supposed to do to be safe?
That's what documentation should tell me, not leave me puzzled with doubt.
> May I suggest that out of caution we leave it as it is?
I don't think the situation should stay like this.
- either the documentation should be more precise about what problems can occur, and how to handle those problems
- or better, the function should be fixed and made fully safe, so all programs using it are safe (and the warning can be removed)

Date | User | Action | Args
2020-05-26 11:47:41 | VA | set | recipients: + VA, docs@python, amaajemyfren
2020-05-26 11:47:41 | VA | set | messageid: <1590493661.5.0.153351512966.issue40763@roundup.psfhosted.org>
2020-05-26 11:47:41 | VA | link | issue40763 messages
2020-05-26 11:47:41 | VA | create |
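
One conservative form of inspecting an archive before extracting it, as an added example that is not part of the original message and not the Python documentation's own recommendation. The helper names `inspect_members`, `extract_checked` and `build_sample` are hypothetical, the sample archive is constructed in memory, and POSIX path semantics are assumed.

```python
import io
import os
import stat
import zipfile


def inspect_members(zf, dest):
    """Split member names into (ok, rejected) for extraction under dest."""
    dest_root = os.path.realpath(dest)
    ok, rejected = [], []
    for info in zf.infolist():
        name = info.filename.replace("\\", "/")
        # Resolve where the member would land if its name were used as-is.
        target = os.path.realpath(os.path.join(dest_root, name))
        inside = os.path.commonpath([dest_root, target]) == dest_root
        # The upper 16 bits of external_attr hold the Unix mode, if any.
        is_link = stat.S_ISLNK(info.external_attr >> 16)
        if os.path.isabs(name) or not inside or is_link:
            rejected.append(info.filename)
        else:
            ok.append(info.filename)
    return ok, rejected


def extract_checked(zf, dest):
    """Extract only if every member passes inspection; otherwise refuse."""
    ok, rejected = inspect_members(zf, dest)
    if rejected:
        raise ValueError("refusing archive, suspicious members: %r" % rejected)
    zf.extractall(dest, members=ok)
    return ok


def build_sample():
    """Constructed sample: one ordinary member and two suspicious names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ok")
        zf.writestr("../outside.txt", "x")
        zf.writestr("/abs/path.txt", "x")
    buf.seek(0)
    return zipfile.ZipFile(buf)


if __name__ == "__main__":
    import tempfile
    print(inspect_members(build_sample(), tempfile.mkdtemp()))
```

Rejecting the whole archive, rather than relying on name sanitizing during extraction, keeps the decision in the caller's code.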