[docs] Currently there is no warning in the python doc that using open() on user or other controlled filenames is dangerous.

dave b db.pub.mail at gmail.com
Mon May 10 07:37:59 CEST 2010


Currently there is no warning in the Python doc that using open() on
user or other controlled filenames is dangerous.
I think that a warning should be in the documentation to say that if
you are using open() and you do not have a set file parameter
(hard-coded) then you *SHOULD* check the filename will not escape or
point to places that are not desired.
Personally I feel that Python should have an open() argument to say
"do not go outside FOO directory".
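
The kind of check the message asks for, as an added example that is not part of the original post or of the Python documentation: resolve the requested name against a base directory and refuse anything that lands outside it. The helper name `open_within`, the directory names and the sample inputs are all constructed for illustration.

```python
import os
import tempfile


def open_within(base_dir, user_path, mode="r"):
    """Open user_path only if it resolves inside base_dir (hypothetical helper)."""
    base = os.path.realpath(base_dir)
    # os.path.join() discards base when user_path is absolute, and ".." or a
    # symlink can climb out, so resolve first and compare the resolved paths.
    target = os.path.realpath(os.path.join(base, user_path))
    try:
        # Compare whole path components; a startswith() test would accept
        # the sibling directory "data-private" for base "data".
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    if not inside:
        raise PermissionError(f"{user_path!r} resolves outside {base_dir!r}")
    # Caveat: check and open() are separate steps, so base_dir must not be
    # writable by whoever supplies user_path.
    return open(target, mode)


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        base = os.path.join(root, "data")
        secret = os.path.join(root, "data-private", "secret.txt")
        os.makedirs(os.path.join(base, "sub"))
        os.makedirs(os.path.dirname(secret))
        with open(os.path.join(base, "notes.txt"), "w") as f:
            f.write("ok")
        with open(secret, "w") as f:
            f.write("secret")
        os.symlink(secret, os.path.join(base, "link.txt"))
        samples = {
            "plain": "notes.txt",
            "dotdot_inside": "sub/../notes.txt",
            "dotdot_escape": "../data-private/secret.txt",
            "absolute": secret,
            "symlink_escape": "link.txt",
        }
        for label, name in samples.items():
            try:
                with open_within(base, name) as f:
                    results[label] = f.read()
            except PermissionError:
                results[label] = "rejected"
    return results
```

Calling `demo()` returns a dictionary showing which of the five sample names were opened and which were refused.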