diff options
| author | Pauli Virtanen <pav@iki.fi> | 2008-04-19 21:45:35 +0000 |
|---|---|---|
| committer | Pauli Virtanen <pav@iki.fi> | 2008-04-19 21:45:35 +0000 |
| commit | 5fc5deb1d60e83c9d15fb2f8d623dbef52751e3b (patch) | |
| tree | 7864d9f597ed5605b3b7f9c63ea5e235070a3b7b /numpy/lib/_datasource.py | |
| parent | db8970d31304fe06bdef3abed9e95d8f67d2729f (diff) | |
| download | numpy-5fc5deb1d60e83c9d15fb2f8d623dbef52751e3b.tar.gz | |
Fix bug #738 and add corresponding tests.
lib._datasource.DataSource.abspath now sanitizes path names more carefully,
making sure that all file paths reside in destdir, also on Windows. (Where
both '/' and os.sep function as path separators, as far as os.path.join is
concerned.)
Diffstat (limited to 'numpy/lib/_datasource.py')
| -rw-r--r-- | numpy/lib/_datasource.py | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/numpy/lib/_datasource.py b/numpy/lib/_datasource.py index 3fe1df615..653432405 100644 --- a/numpy/lib/_datasource.py +++ b/numpy/lib/_datasource.py @@ -287,7 +287,22 @@ class DataSource (object): if len(splitpath) > 1: path = splitpath[1] scheme, netloc, upath, uparams, uquery, ufrag = urlparse(path) - return os.path.join(self._destpath, netloc, upath.strip(os.sep)) + netloc = self._sanitize_relative_path(netloc) + upath = self._sanitize_relative_path(upath) + return os.path.join(self._destpath, netloc, upath) + + def _sanitize_relative_path(self, path): + """Return a sanitised relative path for which + os.path.abspath(os.path.join(base, path)).startswith(base) + """ + last = None + path = os.path.normpath(path) + while path != last: + last = path + # Note: os.path.join treats '/' as os.sep + path = path.lstrip(os.sep).lstrip('/') + path = path.lstrip(os.pardir).lstrip('..') + return path def exists(self, path): """Test if ``path`` exists. |