From: Gregory P. Smith Date: Fri, 8 Feb 2013 06:15:51 +0000 (-0800) Subject: Issue #6972: keep the warning about untrusted extraction and mention X-Git-Tag: v3.3.1rc1~209 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5546b002de96ce8e8d2104232e46ca16889c96cd;p=python Issue #6972: keep the warning about untrusted extraction and mention the version it was improved in. --- 5546b002de96ce8e8d2104232e46ca16889c96cd diff --cc Doc/library/zipfile.rst index b00e26d9c0,d82ab0633c..c63b23bffb --- a/Doc/library/zipfile.rst +++ b/Doc/library/zipfile.rst @@@ -260,9 -232,15 +260,15 @@@ ZipFile Object be a subset of the list returned by :meth:`namelist`. *pwd* is the password used for encrypted files. - .. note:: + .. warning:: + + Never extract archives from untrusted sources without prior inspection. + It is possible that files are created outside of *path*, e.g. members + that have absolute filenames starting with ``"/"`` or filenames with two + dots ``".."``. - See :meth:`extract` note. - .. versionchanged:: 3.2.4 ++ .. versionchanged:: 3.3.1 + The zipfile module attempts to prevent that. See :meth:`extract` note. .. method:: ZipFile.printdir()
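Review bot: In the `.. versionchanged:: 3.3.1` entry at the end of the new warning, "The zipfile module attempts to prevent that" leaves "that" without a clear antecedent once the entry renders as its own block, and the warning text above it still says without qualification that files can be created outside *path*. Suggest naming the behaviour in the entry itself (it refers to members with absolute filenames starting with ``"/"`` or filenames containing ``".."``) and keeping the pointer to the :meth:`extract` note for details, so a reader can tell what the "prior inspection" advice still has to cover. The merged line reads 3.3.1 where a removed line reads 3.2.4, so it is also worth confirming that the number matches the release on this branch that carries the change.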