mirror of https://github.com/python/cpython
Bug #1413790: zipfile now sanitizes absolute archive names that are
not allowed by the specs.
This commit is contained in:
parent
200a58058a
commit
8f7c54eaa5
|
@ -140,10 +140,13 @@ cat myzip.zip >> python.exe
|
|||
compress_type}}}
|
||||
Write the file named \var{filename} to the archive, giving it the
|
||||
archive name \var{arcname} (by default, this will be the same as
|
||||
\var{filename}). If given, \var{compress_type} overrides the value
|
||||
\var{filename}, but without a drive letter and with leading path
|
||||
separators removed). If given, \var{compress_type} overrides the value
|
||||
given for the \var{compression} parameter to the constructor for
|
||||
the new entry. The archive must be open with mode \code{'w'} or
|
||||
\code{'a'}.
|
||||
\code{'a'}.
|
||||
\note{Archive names should be relative to the archive root, that is,
|
||||
they should not start with a path separator.}
|
||||
\end{methoddesc}
|
||||
|
||||
\begin{methoddesc}{writestr}{zinfo_or_arcname, bytes}
|
||||
|
|
|
@ -45,6 +45,16 @@ class TestsWithSourceFile(unittest.TestCase):
|
|||
for f in (TESTFN2, TemporaryFile(), StringIO()):
|
||||
self.zipTest(f, zipfile.ZIP_DEFLATED)
|
||||
|
||||
def testAbsoluteArcnames(self):
|
||||
zipfp = zipfile.ZipFile(TESTFN2, "w", zipfile.ZIP_STORED)
|
||||
zipfp.write(TESTFN, "/absolute")
|
||||
zipfp.close()
|
||||
|
||||
zipfp = zipfile.ZipFile(TESTFN2, "r", zipfile.ZIP_STORED)
|
||||
self.assertEqual(zipfp.namelist(), ["absolute"])
|
||||
zipfp.close()
|
||||
|
||||
|
||||
def tearDown(self):
|
||||
os.remove(TESTFN)
|
||||
os.remove(TESTFN2)
|
||||
|
|
|
@ -397,9 +397,11 @@ class ZipFile:
|
|||
date_time = mtime[0:6]
|
||||
# Create ZipInfo instance to store file information
|
||||
if arcname is None:
|
||||
zinfo = ZipInfo(filename, date_time)
|
||||
else:
|
||||
zinfo = ZipInfo(arcname, date_time)
|
||||
arcname = filename
|
||||
arcname = os.path.normpath(os.path.splitdrive(arcname)[1])
|
||||
while arcname[0] in (os.sep, os.altsep):
|
||||
arcname = arcname[1:]
|
||||
zinfo = ZipInfo(arcname, date_time)
|
||||
zinfo.external_attr = (st[0] & 0xFFFF) << 16L # Unix attributes
|
||||
if compress_type is None:
|
||||
zinfo.compress_type = self.compression
|
||||
|
|
|
@ -372,6 +372,12 @@ Extension Modules
|
|||
Library
|
||||
-------
|
||||
|
||||
- Bug #1413790: zipfile now sanitizes absolute archive names that are
|
||||
not allowed by the specs.
|
||||
|
||||
- Bug #1413790: zipfile now sanitizes absolute archive names that are
|
||||
not allowed by the specs.
|
||||
|
||||
- Patch #1215184: FileInput now can be given an opening hook which can
|
||||
be used to control how files are opened.
|
||||
|
||||
|
|
Loading…
Reference in New Issue