[Python-checkins] cpython (3.2): Issue #6972: keep the warning about untrusted extraction and mention

gregory.p.smith python-checkins at python.org
Fri Feb 8 07:18:36 CET 2013


http://hg.python.org/cpython/rev/1c2d41850147
changeset:   82064:1c2d41850147
branch:      3.2
parent:      82060:28229bdb1571
user:        Gregory P. Smith <greg at krypto.org>
date:        Thu Feb 07 22:15:04 2013 -0800
summary:
  Issue #6972: keep the warning about untrusted extraction and mention
the version it was improved in.

files:
  Doc/library/zipfile.rst |  10 ++++++++--
  1 files changed, 8 insertions(+), 2 deletions(-)


diff --git a/Doc/library/zipfile.rst b/Doc/library/zipfile.rst
--- a/Doc/library/zipfile.rst
+++ b/Doc/library/zipfile.rst
@@ -232,9 +232,15 @@
    be a subset of the list returned by :meth:`namelist`.  *pwd* is the password
    used for encrypted files.
 
-   .. note::
+   .. warning::
 
-      See :meth:`extract` note.
+      Never extract archives from untrusted sources without prior inspection.
+      It is possible that files are created outside of *path*, e.g. members
+      that have absolute filenames starting with ``"/"`` or filenames with two
+      dots ``".."``.
+
+   .. versionchanged:: 3.2.4
+      The zipfile module attempts to prevent that.  See :meth:`extract` note.
 
 
 .. method:: ZipFile.printdir()
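
Review bot: The added versionchanged text "The zipfile module attempts to prevent that." depends on "that" pointing back into the preceding warning block, which becomes ambiguous once the two directives render as separate boxes; spell out the object, e.g. "The zipfile module attempts to prevent files from being created outside of *path*." In the warning itself, "filenames with two dots" also describes a harmless member name such as a..b, so wording like "filenames containing a ``..`` path component" would be closer to the case being warned about. The warning still states unconditionally that files can be created outside *path*, while the next paragraph says the module attempts to prevent it; a sentence tying the two together here would save readers from having to follow the :meth:`extract` reference to reconcile them.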

-- 
Repository URL: http://hg.python.org/cpython

