[issue4489] shutil.rmtree is vulnerable to a symlink attack

Larry Hastings report at bugs.python.org
Mon Jun 25 05:32:06 CEST 2012


Larry Hastings <larry at hastings.org> added the comment:

Your deduction is correct.  listdir can't tell what the original argument type was based on the output--path_converter abstracts away those details.  So it separately tests the type of the first argument.  Staring at it again it's about as clear as mud, but the goal was, the output is always strings unless the user specified "path" as bytes.

I'll make a separate issue regarding making the code easier to read and adding a clarification to the documentation.  We should spare future programmers from having to guess at this behavior :)

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue4489>
_______________________________________
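
The behaviour described in the comment above, as an added example that is not part of the original message or of CPython's own code: `os.listdir` returns `str` names for a `str` path or an open directory descriptor, and `bytes` names only when the path itself is `bytes`. The helper names and the sample files are constructed for illustration; the descriptor case is skipped on platforms where `os.listdir` does not accept one.

```python
import os
import tempfile


def listdir_result_types(directory):
    """Map each kind of argument to the type names of the entries returned."""
    results = {
        "str": {type(n).__name__ for n in os.listdir(directory)},
        "bytes": {type(n).__name__ for n in os.listdir(os.fsencode(directory))},
    }
    # A descriptor carries no str/bytes hint, so the names come back as str.
    if os.listdir in os.supports_fd:
        fd = os.open(directory, os.O_RDONLY)
        try:
            results["fd"] = {type(n).__name__ for n in os.listdir(fd)}
        finally:
            os.close(fd)
    return results


def names_agree(directory):
    """True if the bytes listing decodes to exactly the str listing."""
    as_str = sorted(os.listdir(directory))
    as_bytes = sorted(os.fsdecode(n) for n in os.listdir(os.fsencode(directory)))
    return as_str == as_bytes


def demo():
    # Constructed sample directory with two empty files.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("a.txt", "b.txt"):
            open(os.path.join(tmp, name), "w").close()
        return listdir_result_types(tmp), names_agree(tmp)


if __name__ == "__main__":
    print(demo())
```

Code that walks a tree through directory descriptors therefore handles `str` names throughout, whatever type the caller passed for the top-level path.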