Opened 4 years ago
Last modified 4 years ago
#32725 closed Uncategorized
Release notes for 2.2.21 are incomplete, or the code is too strict — at Version 1
Reported by: | Ned Batchelder | Owned by: | nobody |
---|---|---|---|
Component: | Uncategorized | Version: | 2.2 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
It seems to me that the release note for 2.2.21 is incomplete. It says, "Specifically, empty file names and paths with dot segments will be
rejected."
But it's stricter than that: any path component causes the path to be rejected:
`
if name != os.path.basename(name):
raise SuspiciousFileOperation("File name '%s' includes path elements" % name)
`
Is this level of strictness necessary?
Note:
See TracTickets
for help on using tickets.