3 Nov
2006
3 Nov
'06
9:38 p.m.
Steve Holden wrote:
Having said this, Andrew *did* demonstrate quite convincingly that the current urljoin has some fairly egregious directory traversal glitches. Is it really right to punt obvious gotchas like
urlparse.urljoin("http://blah.com/a/b/c", "../../../../")
to the server?
See Paul Jimenez's thread about replacing urlparse with something better. The current module has some serious issues :) Cheers, Nick. -- Nick Coghlan | ncoghlan@gmail.com | Brisbane, Australia --------------------------------------------------------------- http://www.boredomandlaziness.org