Release notes for 2.2.21 are incomplete, or the code is too strict
It seems to me that the release note for 2.2.21 is incomplete. It says, "Specifically, empty file names and paths with dot segments will be
rejected."
But it's stricter than that: any path component causes the path to be rejected:
if name != os.path.basename(name):
raise SuspiciousFileOperation("File name '%s' includes path elements" % name)
Is this level of strictness necessary?
Change History
(5)
Description: |
modified (diff)
|
Description: |
modified (diff)
|
Description: |
modified (diff)
|
Resolution: |
→ duplicate
|
Status: |
new → closed
|
Looks like this is a dup of https://code.djangoproject.com/ticket/32718