Opened 5 years ago
Last modified 5 years ago
#32725 closed Uncategorized
Release notes for 2.2.21 are incomplete, or the code is too strict — at Version 2
| Reported by: | Ned Batchelder | Owned by: | nobody |
|---|---|---|---|
| Component: | Uncategorized | Version: | 2.2 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
It seems to me that the release note for 2.2.21 is incomplete. It says, "Specifically, empty file names and paths with dot segments will be
rejected."
But it's stricter than that: any path component causes the path to be rejected:
if name != os.path.basename(name):
raise SuspiciousFileOperation("File name '%s' includes path elements" % name)
Is this level of strictness necessary?
Change History (2)
comment:1 by , 5 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 5 years ago
| Description: | modified (diff) |
|---|
Note:
See TracTickets
for help on using tickets.