[issue8005] datetime's comparison methods do not return NotImplemented when they should
Thomas W. Barr added the comment: It's just a test. Finishing the patch completely slipped my mind. I'll work on it later tonight. -- ___ Python tracker <http://bugs.python.org/issue8005> ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue8005] datetime's comparison methods do not return NotImplemented when they should
Thomas W. Barr added the comment: I'm still reasonably new to the codebase, but I'm certainly going to try to fix the issue. -- ___ Python tracker <http://bugs.python.org/issue8005> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Thomas W. Barr added the comment: I'll update my patch to work on the current 3.x head later tonight. -- ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6606] csv.Sniffer.sniff on data with doublequotes doesn't set up the dialect properly
Thomas W. Barr added the comment: The Sniffer.sniff routine doesn't set the doublequote property at all right now. I'm working on a patch to see if I can add this functionality. -- nosy: +twb type: behavior -> feature request ___ Python tracker <http://bugs.python.org/issue6606> ___
[issue6606] csv.Sniffer.sniff on data with doublequotes doesn't set up the dialect properly
Thomas W. Barr added the comment: Test for this issue. -- keywords: +patch Added file: http://bugs.python.org/file14610/test_csv.py.diff ___ Python tracker <http://bugs.python.org/issue6606> ___
[issue6606] csv.Sniffer.sniff on data with doublequotes doesn't set up the dialect properly
Thomas W. Barr added the comment: Patch for the issue. Looks for extraneous quote inside the quotes by the delimiters. -- Added file: http://bugs.python.org/file14611/csv.py.diff ___ Python tracker <http://bugs.python.org/issue6606> ___
[issue6606] csv.Sniffer.sniff on data with doublequotes doesn't set up the dialect properly
Thomas W. Barr added the comment: The documentation doesn't actually say what parameters are sniffed, so technically, that doesn't need to be changed. Should this be added? -- ___ Python tracker <http://bugs.python.org/issue6606> ___
[issue6606] csv.Sniffer.sniff on data with doublequotes doesn't set up the dialect properly
Changes by Thomas W. Barr : Removed file: http://bugs.python.org/file14611/csv.py.diff ___ Python tracker <http://bugs.python.org/issue6606> ___
[issue6606] csv.Sniffer.sniff on data with doublequotes doesn't set up the dialect properly
Thomas W. Barr added the comment: Reformatted line in patch. -- Added file: http://bugs.python.org/file14612/csv.py.diff ___ Python tracker <http://bugs.python.org/issue6606> ___
[issue6606] csv.Sniffer.sniff on data with doublequotes doesn't set up the dialect properly
Thomas W. Barr added the comment: Patch uploaded to rietveld: http://codereview.appspot.com/96202/show -- ___ Python tracker <http://bugs.python.org/issue6606> ___
[issue6606] csv.Sniffer.sniff on data with doublequotes doesn't set up the dialect properly
Thomas W. Barr added the comment: I'm not actually sure where we go from here. This is my first attempted patch to this project, and I was hoping that someone else would be more knowledgeable about the process;-) -- ___ Python tracker <http://bugs.python.org/issue6606> ___
[issue6606] csv.Sniffer.sniff on data with doublequotes doesn't set up the dialect properly
Thomas W. Barr added the comment: Got it. Yes, they're the same patch. -- ___ Python tracker <http://bugs.python.org/issue6606> ___
[issue7008] str.title() misbehaves with apostrophes
Thomas W. Barr added the comment: The string module, however, fails to properly capitalize anything in quotes:

    >>> string.capwords("i pity the 'foo'.")
    "I Pity The 'foo'."

The string module could be easily made to work like the object. The object could be made to work more like the module, only capitalizing things after a space and the start of the string, but I'm not really sure that it's any better. (The s.istitle() should also be updated if s.title() is changed.) The inconsistency is pretty nasty, though, and the documentation should probably be more specific about what's going on. -- nosy: +twb ___ Python tracker <http://bugs.python.org/issue7008> ___
[issue7008] str.title() misbehaves with apostrophes
Thomas W. Barr added the comment: If "correct handling of apostrophe's and quotation marks, keeping the string length unchanged, and only changing desired letters from lower to uppercase with no other side-effects" is the criterion we want, then what I suggested (toupper() the first character, and any character that follows a space or punctuation character) should work. (Unless I'm missing something.) Do we want to tolower() all other characters, like the interpreter does now? I can make a test and patch for this if this is what we decide. -- ___ Python tracker <http://bugs.python.org/issue7008> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Changes by Thomas W. Barr : -- nosy: +twb ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Thomas W. Barr added the comment: Do people have an opinion as to whether this should be fixed with a docfix, fixed as default (with option to allow path traversal) or fixed as a non-default option? The same issue exists in ZipFile.extract, but in that case you're presumably passing a path you've already vetted. Either way, I'll write a test case for it tomorrow. -- ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Thomas W. Barr added the comment: My working solution is to iterate through members, and ensure that os.path.abspath(os.path.join(path, member)) always .startswith(path). This seems like a better solution than trying to trap on a pattern in the string. Presumably the same fix can be made to tarfile. For what it's worth, OS X's BOMArchiveManager will place a file stored as '../foo.txt' in the extract path, not the directory right outside it. While we're on the topic, there may also be a bug in this, or the tarfile package that would allow a malicious archive to extract a symlink to an existing directory somewhere on the target machine, and files extracted to that symlink. I haven't really thought that through, but I'm sure that my fix won't correct that possible issue. -- ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Thomas W. Barr added the comment: Uploading test. -- keywords: +patch Added file: http://bugs.python.org/file15002/zipfile-6972-test.diff ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Thomas W. Barr added the comment: Uploading patch. This actually should fix my theoretical symlink bug since realpath() properly follows symlinks. The only thing that I haven't been able to test is the behavior of realpath() on case-insensitive operating systems. This should do the right thing, the path should be normalized, but can someone confirm this? -- Added file: http://bugs.python.org/file15003/zipfile-6972-patch.diff ___ Python tracker <http://bugs.python.org/issue6972> ___
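The containment check discussed in the two issue6972 comments above (join each member name onto the target, resolve it, compare against the target), as an added example that is not the patch attached to the issue. The archive contents, the function names and the /tmp/issue6972_demo/out target are constructed for illustration; the audit reports, per member, a plain string-prefix test next to a path-component comparison, which differ for a sibling directory whose name begins with the target's name.

```python
import io
import os
import zipfile


def resolve(dest, member):
    """Return where a member name would land if joined onto dest."""
    return os.path.realpath(os.path.join(dest, member))


def prefix_check(dest, member):
    """String-prefix test: resolved target starts with the resolved base."""
    return resolve(dest, member).startswith(os.path.realpath(dest))


def contained(dest, member):
    """Component-wise test: the common path of base and target is the base."""
    base = os.path.realpath(dest)
    target = resolve(dest, member)
    try:
        return os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        return False


def audit(archive_bytes, dest):
    """Map member name -> (prefix_check, contained); nothing is extracted."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return {name: (prefix_check(dest, name), contained(dest, name))
                for name in zf.namelist()}


def build_sample():
    """Constructed archive: one benign name, three that leave the target."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("docs/readme.txt", "../foo.txt",
                     "/abs/foo.txt", "../out_backup/foo.txt"):
            zf.writestr(name, "sample")
    return buf.getvalue()


if __name__ == "__main__":
    for name, result in audit(build_sample(), "/tmp/issue6972_demo/out").items():
        print(f"{name!r}: prefix={result[0]} contained={result[1]}")
```

A caller would refuse to extract any member for which `contained` is false, before writing anything to disk.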
[issue6972] zipfile.ZipFile overwrites files outside destination path
Thomas W. Barr added the comment: As for the documentation, it might be a wise idea to update the current documentation to mention this issue, until the next release. I'm not really sure what the process is for doing that, though... -- ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Thomas W. Barr added the comment: zf.extract() is unsafe for the same reason. My patch fixes this issue, but we should mention the possible bug in the documentation there as well. They do this for the similar bug in tarfile. I've copy/pasted the mention in tarfile.extract() to zipfile.extract() into the diff. -- Added file: http://bugs.python.org/file15004/extract-doc.diff ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Changes by Thomas W. Barr : Removed file: http://bugs.python.org/file15002/zipfile-6972-test.diff ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Thomas W. Barr added the comment: My apologies, I clicked the wrong button and deleted my test. There is no change in the newly uploaded one. -- Added file: http://bugs.python.org/file15005/zipfile-6972-test.diff ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Thomas W. Barr added the comment: os.path.realpath() doesn't normalize case, so this could have issues on Windows. The new patch should not. The Mac version of os.path.normpath doesn't change the path, as per the posix version, which isn't correct on HFS+, which is not case sensitive. That's another bug for another ticket, though. -- Added file: http://bugs.python.org/file15009/zipfile-6972-patch-2.diff ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Changes by Thomas W. Barr : Removed file: http://bugs.python.org/file15003/zipfile-6972-patch.diff ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Thomas W. Barr added the comment: Good point, I'd forgotten that case-sensitive file systems are an option. I do know that it's not the default, though, and that as shipped from Apple, at least the consumer machines are case-insensitive. Things may be different in server-land. For what it's worth, NTFS isn't entirely case-insensitive, either. (http://support.microsoft.com/kb/100625) Should the os.path.normcase() method be made smarter, and actually query the filesystem about such things? (If I should start a new ticket for this, somebody please let me know.) -- ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Thomas W. Barr added the comment: A fair point. I was thinking that we could query the OS about whatever filesystem the path is on, but this wouldn't work for a file that hasn't been created yet. The issue with extractall() isn't just that it can extract over existing files, it's that it can write files anywhere on the filesystem, both by exploiting symlinks and through path manipulation. The more I think about it, though, the more I think the case sensitivity is a non-issue here, since the trailing part of the extraction paths is built out of the base path, which I then compare against. The capitalization will therefore be consistent, and I don't need to worry about this. Does this seem right? -- ___ Python tracker <http://bugs.python.org/issue6972> ___
[issue6972] zipfile.ZipFile overwrites files outside destination path
Thomas W. Barr added the comment: Even if we can't fix things for this release, presumably it's not too late to fix things for 2.7, right? Yes, there certainly are cases where you might want to have creative usage of symlinks and stored paths to allow overwriting existing files, and placing files outside of the extraction path, but that doesn't seem like the default case to me. Would it be a decent compromise to add an extract_under_path=True default option to extract() and extractall() for 2.7? -- ___ Python tracker <http://bugs.python.org/issue6972> ___