[3.12] gh-74453: Add stronger security warning to os.path.commonprefix

author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>

Tue, 3 Feb 2026 14:29:02 +0000 (15:29 +0100)

committer GitHub <noreply@github.com>

Tue, 3 Feb 2026 14:29:02 +0000 (14:29 +0000)
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Tue, 3 Feb 2026 14:29:02 +0000 (15:29 +0100)
committer GitHub <noreply@github.com>
Tue, 3 Feb 2026 14:29:02 +0000 (14:29 +0000)
diff --git a/Doc/library/os.path.rst b/Doc/library/os.path.rst

index 4208c7293876bae2597825436c7cf61b461f631d..fb6ac3eab92e8f2b5f02833df6d7b37f099427ec 100644 (file)
--- a/Doc/library/os.path.rst
+++ b/Doc/library/os.path.rst
@@ -93,15 +93,17 @@ the :mod:`glob` module.)
  
  .. function:: commonprefix(list)
  
-   Return the longest path prefix (taken character-by-character) that is a
-   prefix of all paths in  *list*.  If *list* is empty, return the empty string
+   Return the longest string prefix (taken character-by-character) that is a
+   prefix of all strings in *list*.  If *list* is empty, return the empty string
     (``''``).
  
-   .. note::
+   .. warning::
  
        This function may return invalid paths because it works a
-      character at a time.  To obtain a valid path, see
-      :func:`commonpath`.
+      character at a time.
+      If you need a **common path prefix**, then the algorithm
+      implemented in this function is not secure. Use
+      :func:`commonpath` for finding a common path prefix.
  
        ::
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Tue, 3 Feb 2026 14:29:02 +0000 (15:29 +0100)
committer	GitHub <noreply@github.com>
	Tue, 3 Feb 2026 14:29:02 +0000 (14:29 +0000)