Thomas W. Barr added the comment:
I'll update my patch to work on the current 3.x head later tonight.
--
___
Python tracker
<http://bugs.python.org/i
Thomas W. Barr added the comment:
I'm still reasonably new to the codebase, but I'm certainly going to try to fix
the issue.
--
___
Python tracker
<http://bugs.python.
Thomas W. Barr added the comment:
It's just a test. Finishing the patch completely slipped my mind. I'll work on
it later tonight.
--
___
Python tracker
<http://bugs.python.
Thomas W. Barr added the comment:
Even if we can't fix things for this release, presumably it's not too
late to fix things for 2.7, right?
Yes, there certainly are cases where you might want to have creative
usage of symlinks and stored paths to allow overwriting existing files,
a
Thomas W. Barr added the comment:
A fair point. I was thinking that we could query the OS about whatever
filesystem the path is on, but this wouldn't work for a file that hasn't
been created yet.
The issue with extractall() isn't just that it can extract over existing
files, i
Thomas W. Barr added the comment:
Good point, I'd forgotten that case-sensitive file systems are an
option. I do know that it's not the default, though, and that as shipped
from Apple, at least the consumer machines are case-insensitive. Things
may be different in server-land.
For
Changes by Thomas W. Barr :
Removed file: http://bugs.python.org/file15003/zipfile-6972-patch.diff
___
Python tracker
<http://bugs.python.org/issue6972>
___
___
Python-bug
Thomas W. Barr added the comment:
os.path.realpath() doesn't normalize case, so this could have issues on
Windows. The new patch should not.
The Mac version of os.path.normpath doesn't change the path, as per the
posix version, which isn't correct on HFS+, which is not case se
Thomas W. Barr added the comment:
My apologies, I clicked the wrong button and deleted my test. There is no
change in the newly uploaded one.
--
Added file: http://bugs.python.org/file15005/zipfile-6972-test.diff
___
Python tracker
<h
Changes by Thomas W. Barr :
Removed file: http://bugs.python.org/file15002/zipfile-6972-test.diff
___
Python tracker
<http://bugs.python.org/issue6972>
___
___
Python-bug
Thomas W. Barr added the comment:
zf.extract() is unsafe for the same reason. My patch fixes this issue,
but we should mention the possible bug in the documentation there as
well. They do this for the similar bug in tarfile.
I've copy/pasted the mention in tarfile.extract() to zipfile.ex
Thomas W. Barr added the comment:
As for the documentation, it might be a wise idea to up date the current
documentation to mention this issue, until the next release. I'm not
really sure what the process is for doing that, though...
--
___
P
Thomas W. Barr added the comment:
Uploading patch. This actually should fix my theoretical symlink bug
since realpath() properly follows symlinks. The only thing that I
haven't been able to test is the behavior of realpath() on
case-insensitive operating systems. This should do the right
Thomas W. Barr added the comment:
Uploading test.
--
keywords: +patch
Added file: http://bugs.python.org/file15002/zipfile-6972-test.diff
___
Python tracker
<http://bugs.python.org/issue6
Thomas W. Barr added the comment:
My working solution is to iterate through members, and ensuring that
os.path.abspath(os.path.join(path, member)) always .startswith(path).
This seems like a better solution than trying to trap on a pattern in
the string. Presumably the same fix can be made to
Thomas W. Barr added the comment:
Do people have an opinion as to whether this should be fixed with a
docfix, fixed as default (with option to allow path traversal) or fixed as
a non-default option? The same issue exists in ZipFile.extract, but in
that case you're presumably passing a
Changes by Thomas W. Barr :
--
nosy: +twb
___
Python tracker
<http://bugs.python.org/issue6972>
___
___
Python-bugs-list mailing list
Unsubscribe:
Thomas W. Barr added the comment:
If "correct handling of apostrophe's and quotation marks, keeping the
string length unchanged, and only changing desired letters from lower to
uppercase with no other side-effects" is the criterion we want, then
what I suggested (toupper() the
Thomas W. Barr added the comment:
The string module, however, fails to properly capitalize anything in quotes:
>>> string.capwords("i pity the 'foo'.")
"I Pity The 'foo'."
The string module could be easily made to work like the object. The
Thomas W. Barr added the comment:
Got it. Yes, they're the same patch.
--
___
Python tracker
<http://bugs.python.org/issue6606>
___
___
Python-bugs-list m
Thomas W. Barr added the comment:
I'm not actually sure where we go from here. This is my first attempted
patch to this project, and I was hoping that someone else would be more
knowledgeable about the process;-)
--
___
Python tracker
Thomas W. Barr added the comment:
Patch uploaded to rietveld: http://codereview.appspot.com/96202/show
--
___
Python tracker
<http://bugs.python.org/issue6
Thomas W. Barr added the comment:
Reformatted line in patch.
--
Added file: http://bugs.python.org/file14612/csv.py.diff
___
Python tracker
<http://bugs.python.org/issue6
Changes by Thomas W. Barr :
Removed file: http://bugs.python.org/file14611/csv.py.diff
___
Python tracker
<http://bugs.python.org/issue6606>
___
___
Python-bugs-list m
Thomas W. Barr added the comment:
The documentation doesn't actually say what parameters are sniffed, so
technically, that doesn't need to be changed. Should this be added?
--
___
Python tracker
<http://bugs.python.
Thomas W. Barr added the comment:
Patch for the issue. Looks for extraneous quote inside the quotes by the
delimiters.
--
Added file: http://bugs.python.org/file14611/csv.py.diff
___
Python tracker
<http://bugs.python.org/issue6
Thomas W. Barr added the comment:
Test for this issue.
--
keywords: +patch
Added file: http://bugs.python.org/file14610/test_csv.py.diff
___
Python tracker
<http://bugs.python.org/issue6
Thomas W. Barr added the comment:
The Sniffer.sniff routine doesn't set the doublequote property at all
right now. I'm working on a patch to see if I can add this functionality.
--
nosy: +twb
type: behavior -> feature request
___
P
28 matches
Mail list logo
