[Python-checkins] r42508 - in python/trunk: Doc/lib/libzipfile.tex Lib/test/test_zipfile.py Lib/zipfile.py Misc/NEWS
georg.brandl
python-checkins at python.org
Mon Feb 20 09:40:44 CET 2006
Author: georg.brandl
Date: Mon Feb 20 09:40:38 2006
New Revision: 42508
Modified:
python/trunk/Doc/lib/libzipfile.tex
python/trunk/Lib/test/test_zipfile.py
python/trunk/Lib/zipfile.py
python/trunk/Misc/NEWS
Log:
Bug #1413790: zipfile now sanitizes absolute archive names that are
not allowed by the specs.
Modified: python/trunk/Doc/lib/libzipfile.tex
==============================================================================
--- python/trunk/Doc/lib/libzipfile.tex (original)
+++ python/trunk/Doc/lib/libzipfile.tex Mon Feb 20 09:40:38 2006
@@ -140,10 +140,13 @@
compress_type}}}
Write the file named \var{filename} to the archive, giving it the
archive name \var{arcname} (by default, this will be the same as
- \var{filename}). If given, \var{compress_type} overrides the value
+ \var{filename}, but without a drive letter and with leading path
+ separators removed). If given, \var{compress_type} overrides the value
given for the \var{compression} parameter to the constructor for
the new entry. The archive must be open with mode \code{'w'} or
- \code{'a'}.
+ \code{'a'}.
+ \note{Archive names should be relative to the archive root, that is,
+ they should not start with a path separator.}
\end{methoddesc}
\begin{methoddesc}{writestr}{zinfo_or_arcname, bytes}
Modified: python/trunk/Lib/test/test_zipfile.py
==============================================================================
--- python/trunk/Lib/test/test_zipfile.py (original)
+++ python/trunk/Lib/test/test_zipfile.py Mon Feb 20 09:40:38 2006
@@ -45,6 +45,16 @@
for f in (TESTFN2, TemporaryFile(), StringIO()):
self.zipTest(f, zipfile.ZIP_DEFLATED)
+ def testAbsoluteArcnames(self):
+ zipfp = zipfile.ZipFile(TESTFN2, "w", zipfile.ZIP_STORED)
+ zipfp.write(TESTFN, "/absolute")
+ zipfp.close()
+
+ zipfp = zipfile.ZipFile(TESTFN2, "r", zipfile.ZIP_STORED)
+ self.assertEqual(zipfp.namelist(), ["absolute"])
+ zipfp.close()
+
+
def tearDown(self):
os.remove(TESTFN)
os.remove(TESTFN2)
Modified: python/trunk/Lib/zipfile.py
==============================================================================
--- python/trunk/Lib/zipfile.py (original)
+++ python/trunk/Lib/zipfile.py Mon Feb 20 09:40:38 2006
@@ -397,9 +397,11 @@
date_time = mtime[0:6]
# Create ZipInfo instance to store file information
if arcname is None:
- zinfo = ZipInfo(filename, date_time)
- else:
- zinfo = ZipInfo(arcname, date_time)
+ arcname = filename
+ arcname = os.path.normpath(os.path.splitdrive(arcname)[1])
+ while arcname[0] in (os.sep, os.altsep):
+ arcname = arcname[1:]
+ zinfo = ZipInfo(arcname, date_time)
zinfo.external_attr = (st[0] & 0xFFFF) << 16L # Unix attributes
if compress_type is None:
zinfo.compress_type = self.compression
Modified: python/trunk/Misc/NEWS
==============================================================================
--- python/trunk/Misc/NEWS (original)
+++ python/trunk/Misc/NEWS Mon Feb 20 09:40:38 2006
@@ -372,6 +372,12 @@
Library
-------
+- Bug #1413790: zipfile now sanitizes absolute archive names that are
+ not allowed by the specs.
+
+- Bug #1413790: zipfile now sanitizes absolute archive names that are
+ not allowed by the specs.
+
- Patch #1215184: FileInput now can be given an opening hook which can
be used to control how files are opened.
More information about the Python-checkins
mailing list