From: Gregory P. Smith <greg@krypto.org>
Date: Fri, 8 Feb 2013 06:17:21 +0000 (-0800)
Subject: Issue #6972: keep the warning about untrusted extraction and mention
X-Git-Tag: v3.4.0a1~1423
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1d824ec9b343be008e03443114e3e9b918aea0df;p=python

Issue #6972: keep the warning about untrusted extraction and mention
the version it was improved in.
---

1d824ec9b343be008e03443114e3e9b918aea0df
diff --cc Doc/library/zipfile.rst
index b00e26d9c0,c63b23bffb..e84c707b22
--- a/Doc/library/zipfile.rst
+++ b/Doc/library/zipfile.rst
@@@ -260,9 -260,15 +260,13 @@@ ZipFile Object
     be a subset of the list returned by :meth:`namelist`.  *pwd* is the password
     used for encrypted files.
  
-    .. note::
+    .. warning::
  
+       Never extract archives from untrusted sources without prior inspection.
+       It is possible that files are created outside of *path*, e.g. members
+       that have absolute filenames starting with ``"/"`` or filenames with two
 -      dots ``".."``.
 -
 -   .. versionchanged:: 3.3.1
 -      The zipfile module attempts to prevent that.  See :meth:`extract` note.
++      dots ``".."``.  This module attempts to prevent that.
 +      See :meth:`extract` note.
  
  
  .. method:: ZipFile.printdir()