Steve Holden wrote:
> Having said this, Andrew *did* demonstrate quite convincingly that the
> current urljoin has some fairly egregious directory traversal glitches.
> Is it really right to punt obvious gotchas like
>
> >>>urlparse.urljoin("http://blah.com/a/b/c";, "../../../../")
>
> 'http://blah.com/../../'
>
> >>>
>
> to the server?
See Paul Jimenez's thread about replacing urlparse with something better. The
current module has some serious issues :)
Cheers,
Nick.
--
Nick Coghlan | [EMAIL PROTECTED] | Brisbane, Australia
---------------------------------------------------------------
http://www.boredomandlaziness.org
_______________________________________________
Python-Dev mailing list
[email protected]
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
