[3.12] gh-123726: Document caveats of zipfile.Path around name sanitization (GH-130537) (#130987)
gh-123726: Document caveats of zipfile.Path around name sanitization (GH-130537)
Add a note to the `zipfile.Path` class documentation clarifying that it does not sanitize filenames. This emphasizes the caller's responsibility to validate or sanitize inputs, especially when handling untrusted ZIP archives, to prevent path traversal vulnerabilities. The note also references the `extract` and `extractall` methods for comparison and suggests using `os.path.abspath` and `os.path.commonpath` for safe filename resolution.
(cherry picked from commit
a3990df6121880e8c67824a101bb1316de232898)
Co-authored-by: Affan Shaikhsurab <51104750+AffanShaikhsurab@users.noreply.github.com>
projects / thirdparty / Python / cpython.git / commit
