This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author schmir
Recipients schmir, twb
Date 2009-09-29.09:46:02
SpamBayes Score 2.7402399e-08
Marked as misclassified No
Message-id <1254217563.75.0.237130006526.issue6972@psf.upfronthosting.co.za>
In-reply-to
Content
I think this should clearly be fixed in the code. The current code tries
to handle absolute paths by removing the first slash (unfortunately not
the second), so it looks like it tries to be safe and only write to the
destination directory. That should be the default operation.
I even think that there should be *no* option to allow overriding files
outside the destination path (on unix one can always use / as
destination if he feels like overwriting his /etc/passwd)
The documentation should also mention that it's unsafe to use this
method in python <2.6.2.
History
Date User Action Args
2009-09-29 09:46:03schmirsetrecipients: + schmir, twb
2009-09-29 09:46:03schmirsetmessageid: <1254217563.75.0.237130006526.issue6972@psf.upfronthosting.co.za>
2009-09-29 09:46:02schmirlinkissue6972 messages
2009-09-29 09:46:02schmircreate