[Python-checkins] cpython (merge 3.3 -> default): Issue #6972: keep the warning about untrusted extraction and mention

gregory.p.smith python-checkins at python.org
Fri Feb 8 07:18:39 CET 2013


http://hg.python.org/cpython/rev/f5e3f2f0fe79
changeset:   82066:f5e3f2f0fe79
parent:      82062:771a0317da83
parent:      82065:5fbca37de9b1
user:        Gregory P. Smith <greg at krypto.org>
date:        Thu Feb 07 22:17:21 2013 -0800
summary:
  Issue #6972: keep the warning about untrusted extraction and mention
the version it was improved in.

files:
  Doc/library/zipfile.rst |  6 +++++-
  1 files changed, 5 insertions(+), 1 deletions(-)


diff --git a/Doc/library/zipfile.rst b/Doc/library/zipfile.rst
--- a/Doc/library/zipfile.rst
+++ b/Doc/library/zipfile.rst
@@ -260,8 +260,12 @@
    be a subset of the list returned by :meth:`namelist`.  *pwd* is the password
    used for encrypted files.
 
-   .. note::
+   .. warning::
 
+      Never extract archives from untrusted sources without prior inspection.
+      It is possible that files are created outside of *path*, e.g. members
+      that have absolute filenames starting with ``"/"`` or filenames with two
+      dots ``".."``.  This module attempts to prevent that.
       See :meth:`extract` note.
 
 
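Review bot: The added sentence "This module attempts to prevent that." does not say from which version the protection applies or what exactly is sanitized, although the commit summary says the change should "mention the version it was improved in". Within this hunk that information is reachable only through the unchanged pointer "See :meth:`extract` note.", so a reader on an older release could assume protection that is not there. Consider naming the version in the warning itself, and stating what still has to be checked during the "prior inspection" that the first sentence requires, since "Never extract ..." followed by "attempts to prevent that" leaves the remaining risk unclear.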

-- 
Repository URL: http://hg.python.org/cpython

