Opened 4 years ago
Last modified 4 years ago
#32725 closed Uncategorized
Release notes for 2.2.21 are incomplete, or the code is too strict — at Initial Version
| Reported by: | Ned Batchelder | Owned by: | nobody |
|---|---|---|---|
| Component: | Uncategorized | Version: | 2.2 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
It seems to me that the release note for 2.2.21 is incomplete. It says, "Specifically, empty file names and paths with dot segments will be
rejected."
But it's stricter than that: any path component causes the path to be rejected:
if name != os.path.basename(name):
raise SuspiciousFileOperation("File name '%s' includes path elements" % name)
Is this level of strictness necessary?
Note:
See TracTickets
for help on using tickets.