Philipp Hagemeister added the comment: Please find attached a patch which adds a testcase for Windows (on all platforms) as well as code to fix the problem. Since os.path.split returns everything after the final slash/backslash, it only needs to be called once.
Note that the usage of posixpath is correct and only relates to the URL parsing - it powers foo/bar/../../ . The path elements may indeed contain backslashes - that's why we call os.path.split on them. ---------- keywords: +patch nosy: +phihag Added file: http://bugs.python.org/file42318/fix-path-traversal-26657.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26657> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
