Issue #6972: keep the warning about untrusted extraction and mention

author Gregory P. Smith <greg@krypto.org>

Fri, 8 Feb 2013 06:15:51 +0000 (22:15 -0800)

committer Gregory P. Smith <greg@krypto.org>

Fri, 8 Feb 2013 06:15:51 +0000 (22:15 -0800)
author Gregory P. Smith <greg@krypto.org>
Fri, 8 Feb 2013 06:15:51 +0000 (22:15 -0800)
committer Gregory P. Smith <greg@krypto.org>
Fri, 8 Feb 2013 06:15:51 +0000 (22:15 -0800)
diff --cc Doc/library/zipfile.rst

index b00e26d9c033f4ce0b7b00a5297ca6a48df948d1,d82ab0633c3147aff5f752d3eee310dbf65544b3..c63b23bffb4149a5eb0ca50b4efffab60cb67571
--- 1/Doc/library/zipfile.rst
--- 2/Doc/library/zipfile.rst
+++ b/Doc/library/zipfile.rst
@@@ -260,9 -232,15 +260,15 @@@ ZipFile Object
      be a subset of the list returned by :meth:`namelist`.  *pwd* is the password
      used for encrypted files.
   
-    .. note::
+    .. warning::
+ 
+       Never extract archives from untrusted sources without prior inspection.
+       It is possible that files are created outside of *path*, e.g. members
+       that have absolute filenames starting with ``"/"`` or filenames with two
+       dots ``".."``.
   
-       See :meth:`extract` note.
- -   .. versionchanged:: 3.2.4
++   .. versionchanged:: 3.3.1
+       The zipfile module attempts to prevent that.  See :meth:`extract` note.
   
   
   .. method:: ZipFile.printdir()
author	Gregory P. Smith <greg@krypto.org>
	Fri, 8 Feb 2013 06:15:51 +0000 (22:15 -0800)
committer	Gregory P. Smith <greg@krypto.org>
	Fri, 8 Feb 2013 06:15:51 +0000 (22:15 -0800)