Running something like the following produces a corrupt .zip file. The builtin XP zip folder view won't show any documents and attempting to extract via "right click -> Extract files..." will set off an untrusted file alert: import zipfile z = zipfile.ZipFile("c:\\foo.zip","w") z.write("c:\\autoexec.bat", "\\autoexec.bat") z.close() zipfile should either throw an error when adding these files or attempt to normalize the path. I would prefer that zipfile make the assumption that any files starting with absolute or relative pathnames ("\\foo\\bar.txt" or ".\\foo\\bar.txt") should join in at the root of the zipfile ("foo\\bar.txt" in this case). Patch to accomplish the latter is attached.
Logged In: YES user_id=699438 Just wanted to note that the documentation of the .zip format from pkzip explicitly states that a drive letter or leading slash is not allowed. The pertinent text: file name: (Variable) The name of the file, with optional relative path. The path stored should not contain a drive or device letter, or a leading slash. All slashes should be forward slashes '/' as opposed to backwards slashes '\' for compatibility with Amiga and UNIX file systems etc. If input came from standard input, there is no file name field. If encrypting the central directory and general purpose bit flag 13 is set indicating masking, the file name stored in the Local Header will not be the actual file name. A masking value consisting of a unique hexadecimal value will be stored. This value will be sequentially incremented for each file in the archive. See the section on the Strong Encryption Specification for details on retrieving the encrypted file name.
