24 Apr 2001, 4:43 p.m.
Yes, it's a good idea to ALWAYS compute your file names instead of letting a user pass in a name (and perhaps a path) that you just accept. Either strip down to the filename and generate your own path, or generate the complete path and name yourself.

Cheers,

Tom P

Tino Wildenhain wrote -
... Don't use + to concatenate pathname parts. Use os.path.join() instead. Try os.path.split(os.path.normpath(os.path.join(part,of,your,pathname))) to see the result of the concatenation and if it's still in the directory you want it to be. (Someone could feed '../../name' into your script)
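
Both suggestions in this thread (strip to the file name, or join, normalise and check the directory) are sketched below as an added example that is not part of either message. It assumes POSIX paths, Python 3.5+ for `os.path.commonpath`, and a hypothetical storage directory `BASE_DIR`; the function names are illustrative.

```python
import os

BASE_DIR = "/srv/app/uploads"  # assumed storage directory for this example


def strip_to_filename(user_supplied, base=BASE_DIR):
    """Keep only the final name component and build the path ourselves."""
    # Treat backslashes as separators too, so 'a\\..\\b' cannot slip through.
    name = os.path.basename(user_supplied.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError("no usable file name in %r" % (user_supplied,))
    return os.path.join(base, name)


def join_and_check(user_supplied, base=BASE_DIR):
    """Join, normalise, then confirm the result is still below base."""
    base = os.path.normpath(base)
    # os.path.join() discards base when user_supplied is absolute, which is
    # why the check after normpath() is needed and join() alone is not enough.
    candidate = os.path.normpath(os.path.join(base, user_supplied))
    # commonpath() compares whole components, so '/srv/app/uploads_old' is
    # not taken for a child of '/srv/app/uploads' as startswith() would do.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError("%r resolves outside %s" % (user_supplied, base))
    # normpath() is purely lexical: if symlinks may exist under base, apply
    # os.path.realpath() to both paths before comparing.
    return candidate


def is_rejected(user_supplied):
    """True when join_and_check() refuses the name."""
    try:
        join_and_check(user_supplied)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs, including the '../../name' case from the thread.
    for raw in ("report.txt", "sub/report.txt", "../../name",
                "/etc/passwd", "../uploads_old/x"):
        print("%-18r rejected=%s" % (raw, is_rejected(raw)))
```
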