But it's stricter than that: any path component causes the path to be
rejected:
> if name != os.path.basename(name):
> raise SuspiciousFileOperation("File name '%s' includes path
elements" % name)
Is this level of strictness necessary?
--
Ticket URL: <https://code.djangoproject.com/ticket/32725>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Old description:
> It seems to me that the release note for 2.2.21 is incomplete. It says,
> "Specifically, empty file names and paths with dot segments will be
> rejected."
>
> But it's stricter than that: any path component causes the path to be
> rejected:
>
> > if name != os.path.basename(name):
> > raise SuspiciousFileOperation("File name '%s' includes path
> elements" % name)
>
> Is this level of strictness necessary?
New description:
It seems to me that the release note for 2.2.21 is incomplete. It says,
"Specifically, empty file names and paths with dot segments will be
rejected."
But it's stricter than that: any path component causes the path to be
rejected:
```
if name != os.path.basename(name):
raise SuspiciousFileOperation("File name '%s' includes path
elements" % name)
```
Is this level of strictness necessary?
--
--
Ticket URL: <https://code.djangoproject.com/ticket/32725#comment:1>
Old description:
> It seems to me that the release note for 2.2.21 is incomplete. It says,
> "Specifically, empty file names and paths with dot segments will be
> rejected."
>
> But it's stricter than that: any path component causes the path to be
> rejected:
>
> ```
> if name != os.path.basename(name):
> raise SuspiciousFileOperation("File name '%s' includes path
> elements" % name)
> ```
>
> Is this level of strictness necessary?
New description:
It seems to me that the release note for 2.2.21 is incomplete. It says,
"Specifically, empty file names and paths with dot segments will be
rejected."
But it's stricter than that: any path component causes the path to be
rejected:
{{{
if name != os.path.basename(name):
raise SuspiciousFileOperation("File name '%s' includes path
elements" % name)
}}}
Is this level of strictness necessary?
--
--
Ticket URL: <https://code.djangoproject.com/ticket/32725#comment:2>
Old description:
> It seems to me that the release note for 2.2.21 is incomplete. It says,
> "Specifically, empty file names and paths with dot segments will be
> rejected."
>
> But it's stricter than that: any path component causes the path to be
> rejected:
>
> {{{
> if name != os.path.basename(name):
> raise SuspiciousFileOperation("File name '%s' includes path
> elements" % name)
> }}}
>
> Is this level of strictness necessary?
New description:
It seems to me that the release note for 2.2.21 is incomplete. It says,
"Specifically, empty file names and paths with dot segments will be
rejected."
But it's stricter than that: any path component causes the path to be
rejected:
{{{
if name != os.path.basename(name):
raise SuspiciousFileOperation("File name '%s' includes path elements"
% name)
}}}
Is this level of strictness necessary?
--
--
Ticket URL: <https://code.djangoproject.com/ticket/32725#comment:3>
Comment (by Ned Batchelder):
Looks like this is a dup of https://code.djangoproject.com/ticket/32718
--
Ticket URL: <https://code.djangoproject.com/ticket/32725#comment:4>
* status: new => closed
* resolution: => duplicate
--
Ticket URL: <https://code.djangoproject.com/ticket/32725#comment:5>