From 5fc5deb1d60e83c9d15fb2f8d623dbef52751e3b Mon Sep 17 00:00:00 2001
From: Pauli Virtanen <pav@iki.fi>
Date: Sat, 19 Apr 2008 21:45:35 +0000
Subject: Fix bug #738 and add corresponding tests.

lib._datasource.DataSource.abspath now sanitizes path names more carefully,
making sure that all file paths reside in destdir, also on Windows.  (Where
both '/' and os.sep function as path separators, as far as os.path.join is
concerned.)
---
 numpy/lib/_datasource.py | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'numpy/lib/_datasource.py')

diff --git a/numpy/lib/_datasource.py b/numpy/lib/_datasource.py
index 3fe1df615..653432405 100644
--- a/numpy/lib/_datasource.py
+++ b/numpy/lib/_datasource.py
@@ -287,7 +287,22 @@ class DataSource (object):
         if len(splitpath) > 1:
             path = splitpath[1]
         scheme, netloc, upath, uparams, uquery, ufrag = urlparse(path)
-        return os.path.join(self._destpath, netloc, upath.strip(os.sep))
+        netloc = self._sanitize_relative_path(netloc)
+        upath = self._sanitize_relative_path(upath)
+        return os.path.join(self._destpath, netloc, upath)
+
+    def _sanitize_relative_path(self, path):
+        """Return a sanitised relative path for which
+        os.path.abspath(os.path.join(base, path)).startswith(base)
+        """
+        last = None
+        path = os.path.normpath(path)
+        while path != last:
+            last = path
+            # Note: os.path.join treats '/' as os.sep
+            path = path.lstrip(os.sep).lstrip('/')
+            path = path.lstrip(os.pardir).lstrip('..')
+        return path
 
     def exists(self, path):
         """Test if ``path`` exists.
-- 
cgit v1.2.1