[Python-checkins] r88794 - sandbox/trunk/setuptools/setuptools/archive_util.py
phillip.eby
python-checkins at python.org
Wed Mar 23 21:56:29 CET 2011
Author: phillip.eby
Date: Wed Mar 23 21:56:29 2011
New Revision: 88794
Log:
Fix rejecting filenames with '..' in them
Modified:
sandbox/trunk/setuptools/setuptools/archive_util.py
Modified: sandbox/trunk/setuptools/setuptools/archive_util.py
==============================================================================
--- sandbox/trunk/setuptools/setuptools/archive_util.py (original)
+++ sandbox/trunk/setuptools/setuptools/archive_util.py Wed Mar 23 21:56:29 2011
@@ -138,7 +138,7 @@
name = info.filename
# don't extract absolute paths or ones with .. in them
- if name.startswith('/') or '..' in name:
+ if name.startswith('/') or '..' in name.split('/'):
continue
target = os.path.join(extract_dir, *name.split('/'))
@@ -180,7 +180,7 @@
for member in tarobj:
name = member.name
# don't extract absolute paths or ones with .. in them
- if not name.startswith('/') and '..' not in name:
+ if not name.startswith('/') and '..' not in name.split('/'):
dst = os.path.join(extract_dir, *name.split('/'))
while member is not None and (member.islnk() or member.issym()):
linkpath = member.linkname
More information about the Python-checkins
mailing list