mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-11-25 21:11:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Issue #6972: keep the warning about untrusted extraction and mention

Browse source 
the version it was improved in.
This commit is contained in:
Gregory P. Smith 2013-02-07 22:17:21 -08:00
commit 1d824ec9b3
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Doc/library/zipfile.rst
View file

@ -260,8 +260,12 @@ ZipFile Objects
be a subset of the list returned by :meth:`namelist`. *pwd* is the password be a subset of the list returned by :meth:`namelist`. *pwd* is the password
used for encrypted files. used for encrypted files.
.. note:: .. warning::
Never extract archives from untrusted sources without prior inspection.
It is possible that files are created outside of *path*, e.g. members
that have absolute filenames starting with ``"/"`` or filenames with two
dots ``".."``. This module attempts to prevent that.
See :meth:`extract` note. See :meth:`extract` note.