https://github.com/python/cpython/commit/4e15b8d95da9a0f58ad58283979c37e43ff61229
commit: 4e15b8d95da9a0f58ad58283979c37e43ff61229
branch: main
author: Seth Michael Larson <[email protected]>
committer: encukou <[email protected]>
date: 2026-02-03T15:07:59+01:00
summary:
gh-74453: Add stronger security warning to os.path.commonprefix (GH-144401)
files:
M Doc/library/os.path.rst
diff --git a/Doc/library/os.path.rst b/Doc/library/os.path.rst
index 3cfe08a1fe1f7a..bfd59fc5a82049 100644
--- a/Doc/library/os.path.rst
+++ b/Doc/library/os.path.rst
@@ -97,15 +97,17 @@ the :mod:`glob` module.)
.. function:: commonprefix(list, /)
- Return the longest path prefix (taken character-by-character) that is a
- prefix of all paths in *list*. If *list* is empty, return the empty string
+ Return the longest string prefix (taken character-by-character) that is a
+ prefix of all strings in *list*. If *list* is empty, return the empty
string
(``''``).
- .. note::
+ .. warning::
This function may return invalid paths because it works a
- character at a time. To obtain a valid path, see
- :func:`commonpath`.
+ character at a time.
+ If you need a **common path prefix**, then the algorithm
+ implemented in this function is not secure. Use
+ :func:`commonpath` for finding a common path prefix.
::
_______________________________________________
Python-checkins mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3//lists/python-checkins.python.org
Member address: [email protected]
