[issue10905] zipfile: fix arcname with leading '///' or '..'

2013-01-26 Thread Serhiy Storchaka
Changes by Serhiy Storchaka: -- stage: -> committed/rejected status: pending -> closed

[issue10905] zipfile: fix arcname with leading '///' or '..'

2012-10-22 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: I'm going to close this issue as a duplicate of issue6972. Issue6972 is older and has a larger discussion. Thank you for the patch and research, Zhigang Wang. I will use it for the new patch. -- resolution: -> duplicate status: open -> pending supersede

[issue10905] zipfile: fix arcname with leading '///' or '..'

2012-10-21 Thread Serhiy Storchaka
Serhiy Storchaka added the comment: Some comments on the patch. +arcname = os.path.sep.join([x for x in arcname.split(os.path.sep) +if x != '..']) File names in zip archive should use '/' as separator, not os.path.sep. '../spam' will not be cleaned by th
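
Review bot: the filter "if x != '..'" in the quoted join drops only '..' components, so the empty components produced by repeated separators pass through and a name with leading '///' comes out of this expression unchanged; unless the leading separators are stripped elsewhere in the patch, filter with "if x not in ('', '.', '..')" instead. Dropping '..' silently also maps '../foo' onto 'foo', so two members of one archive can resolve to the same path, and the doc update should state which one wins.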

[issue10905] zipfile: fix arcname with leading '///' or '..'

2012-04-07 Thread Serhiy Storchaka
Changes by Serhiy Storchaka: -- nosy: +storchaka

[issue10905] zipfile: fix arcname with leading '///' or '..'

2011-01-14 Thread Zhigang Wang
Zhigang Wang added the comment: Yes, in zipfile, we just overwrite it. Actually, ZipFile.extract() overwrites existing files already. If we want it more powerful, we can add an 'overwrite' parameter. But turning zipfile into a full-featured zip/unzip tool needs much more extra work...

[issue10905] zipfile: fix arcname with leading '///' or '..'

2011-01-14 Thread Zhigang Wang
Zhigang Wang added the comment:

$ unzip -l t.zip
Archive:  t.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
        3  01-14-2011 21:11   ../foo
        3  01-14-2011 21:11   foo
---------                     -------
        6                     2 files
[zhigang@loca

[issue10905] zipfile: fix arcname with leading '///' or '..'

2011-01-14 Thread Amaury Forgeot d'Arc
Amaury Forgeot d'Arc added the comment: What happens when the archive contains both 'foo' and '../foo'? They seem to be extracted at the same place. -- nosy: +amaury.forgeotdarc

[issue10905] zipfile: fix arcname with leading '///' or '..'

2011-01-14 Thread Zhigang Wang
New submission from Zhigang Wang : We only support arcname with one leading '/', but not more. This patch fixes it. We don't support arcname with '..' well. The default behavior of unzip and 7z is to ignore all '..'. This patch does the same. Also updated the doc. If there are other security r