Message 214093 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	r.david.murray
Recipients	docs@python, eric.araujo, [email protected], pitrou, r.david.murray
Date	2014-03-19.13:19:05
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<[email protected]>
In-reply-to

Content
First step would be to get rid of the warning in the zipfile docs and replace it with the info that the absolute path '/' and any relative path are stripped silently before the file is extracted. It would also be worth adding an enhancement to zipfile to optionally not do it silently. I hope the same considerations apply to tarfile, but I haven't checked. In other words, I do think that code is a holdover from when zipfile wasn't safe, but since I didn't write it I don't know for sure.

First step would be to get rid of the warning in the zipfile docs and replace it with the info that the absolute path '/' and any relative path are stripped silently before the file is extracted.

It would also be worth adding an enhancement to zipfile to optionally not do it silently.

I hope the same considerations apply to tarfile, but I haven't checked.

In other words, I do think that code is a holdover from when zipfile *wasn't* safe, but since I didn't write it I don't know for sure.

History
Date	User	Action	Args
2014-03-19 13:19:05	r.david.murray	set	recipients: + r.david.murray, pitrou, eric.araujo, docs@python, [email protected]
2014-03-19 13:19:05	r.david.murray	set	messageid: <[email protected]>
2014-03-19 13:19:05	r.david.murray	link	issue20907 messages
2014-03-19 13:19:05	r.david.murray	create