[Python-checkins] cpython (merge 3.2 -> 3.3): Issue #6972: keep the warning about untrusted extraction and mention
gregory.p.smith
python-checkins at python.org
Fri Feb 8 07:18:38 CET 2013
http://hg.python.org/cpython/rev/5fbca37de9b1
changeset: 82065:5fbca37de9b1
branch: 3.3
parent: 82061:3942c20bebdb
parent: 82064:1c2d41850147
user: Gregory P. Smith <greg at krypto.org>
date: Thu Feb 07 22:15:51 2013 -0800
summary:
Issue #6972: keep the warning about untrusted extraction and mention
the version it was improved in.
files:
Doc/library/zipfile.rst | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/Doc/library/zipfile.rst b/Doc/library/zipfile.rst
--- a/Doc/library/zipfile.rst
+++ b/Doc/library/zipfile.rst
@@ -260,9 +260,15 @@
be a subset of the list returned by :meth:`namelist`. *pwd* is the password
used for encrypted files.
- .. note::
+ .. warning::
- See :meth:`extract` note.
+ Never extract archives from untrusted sources without prior inspection.
+ It is possible that files are created outside of *path*, e.g. members
+ that have absolute filenames starting with ``"/"`` or filenames with two
+ dots ``".."``.
+
+ .. versionchanged:: 3.3.1
+ The zipfile module attempts to prevent that. See :meth:`extract` note.
.. method:: ZipFile.printdir()
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list