Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#32725 closed Uncategorized (duplicate)

Release notes for 2.2.21 are incomplete, or the code is too strict

Reported by: Ned Batchelder Owned by: nobody
Component: Uncategorized Version: 2.2
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Ned Batchelder)

It seems to me that the release note for 2.2.21 is incomplete. It says, "Specifically, empty file names and paths with dot segments will be
rejected."

But it's stricter than that: any path component causes the path to be rejected:

if name != os.path.basename(name):
    raise SuspiciousFileOperation("File name '%s' includes path elements" % name)

Is this level of strictness necessary?

Change History (5)

comment:1 by Ned Batchelder, 4 years ago

Description: modified (diff)

comment:2 by Ned Batchelder, 4 years ago

Description: modified (diff)

comment:3 by Ned Batchelder, 4 years ago

Description: modified (diff)

comment:4 by Ned Batchelder, 4 years ago

Looks like this is a dup of #32718.

Last edited 4 years ago by Tim Graham (previous) (diff)

comment:5 by Ned Batchelder, 4 years ago

Resolution: duplicate
Status: newclosed
Note: See TracTickets for help on using tickets.
Back to Top