[Python-Dev] Path object design (original) (raw)
Steve Holden steve at holdenweb.com
Sat Nov 4 18:16:51 CET 2006
- Previous message: [Python-Dev] Path object design
- Next message: [Python-Dev] Path object design
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Michael Urman wrote:
On 11/3/06, Steve Holden <steve at holdenweb.com> wrote:
Having said this, Andrew did demonstrate quite convincingly that the current urljoin has some fairly egregious directory traversal glitches. Is it really right to punt obvious gotchas like
>>>urlparse.urljoin("http://blah.com/a/b/c", "../../../../") 'http://blah.com/../../' Ah, but how do you know when that's wrong? At least under ftp:// your root is often a mid-level directory until you change up out of it. http:// will tend to treat the targets as roots, but I don't know that there's any requirement for a /.. to be meaningless (even if it often is). I'm darned if I know. I simply know that it isn't right for http resources.
regards Steve
Steve Holden +44 150 684 7255 +1 800 494 3119 Holden Web LLC/Ltd http://www.holdenweb.com Skype: holdenweb http://holdenweb.blogspot.com Recent Ramblings http://del.icio.us/steve.holden
- Previous message: [Python-Dev] Path object design
- Next message: [Python-Dev] Path object design
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]