Serhiy Storchaka added the comment: Some comments to patch.
+ arcname = os.path.sep.join([x for x in arcname.split(os.path.sep) + if x != '..']) File names in zip archive should use '/' as separator, not os.path.sep. '../spam' will be not cleaned by this code. + while arcname[0] in (os.sep, os.altsep): + arcname = arcname[1:] It will not save from filenames containing drive letter: 'C:/Windows/python.exe'. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue10905> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
