[issue6972] zipfile.ZipFile overwrites files outside destination path
Amaury Forgeot d'Arc
report at bugs.python.org
Thu Oct 1 00:50:50 CEST 2009
Amaury Forgeot d'Arc <amauryfa at gmail.com> added the comment:
The patch won't work if the target file already exists as a symlink.
I think that such a check is not a good idea. Using symlinks to extract files
to somewhere else may be a feature, after all. Specially if the symlink
already exists before the operation. Some real-case example:
/home/xxx/bin --> symlink to /someotherpath/bin
/home/xxx/lib --> symlink to /someotherpath/lib
Now I want to extract "lib/libXXX.so" into "/home/xxx"
I suggest to only update the documentation with a warning, similar to the one
for the tarfile module.
Python tracker <report at bugs.python.org>
More information about the Python-bugs-list