Va added the comment:
1.0.0-rc.1 is out by now:
https://github.com/toml-lang/toml/blob/master/CHANGELOG.md
--
nosy: +VA
versions: +Python 3.10
___
Python tracker
<https://bugs.python.org/issue40
Change by Va :
--
components: +Library (Lib)
title: zipfile.extractall is safe by now -> zipfile.extractall is safe by now?
type: behavior -> security
Va added the comment:
> It is not obvious to me that zipfile._extract_member() together with
> (for windows) zipfile._sanitize_windows_name() have handled everything
> that could happen.
What hasn't been handled then?
What is the safe way to use it?
I think documenting "this funct
New submission from Va :
In documentation of all Python 3 versions,
[ZipFile.extractall](https://docs.python.org/3/library/zipfile.html#zipfile.ZipFile.extractall)
states with a big red warning:
> Warning
> Never extract archives from untrusted sources without prior inspection.
VA added the comment:
The use case is a little more complex.
I have a plugin system, with abstract interfaces. Plugins can't import each
other, but plugins should be allowed to depend on another plugin (using
string codes, still no direct imports), and even subclass another plu
New submission from VA :
object.__new__ takes only the class argument, but it still accepts extra
arguments if a class doesn't override __new__, and rejects them otherwise.
(This is because __new__ will receive the same arguments as __init__ but
__new__ shouldn't need to be overridd