Opened 4 years ago
Last modified 4 years ago
#32725 closed Uncategorized
Release notes for 2.2.21 are incomplete, or the code is too strict — at Version 3
Reported by: | Ned Batchelder | Owned by: | nobody |
---|---|---|---|
Component: | Uncategorized | Version: | 2.2 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
It seems to me that the release note for 2.2.21 is incomplete. It says, "Specifically, empty file names and paths with dot segments will be
rejected."
But it's stricter than that: any path component causes the path to be rejected:
if name != os.path.basename(name): raise SuspiciousFileOperation("File name '%s' includes path elements" % name)
Is this level of strictness necessary?
Change History (3)
comment:1 by , 4 years ago
Description: | modified (diff) |
---|
comment:2 by , 4 years ago
Description: | modified (diff) |
---|
comment:3 by , 4 years ago
Description: | modified (diff) |
---|
Note:
See TracTickets
for help on using tickets.