| Date | 2011-05-31 21:17 -0500 |
|---|---|
| From | Tim Chase <python.list@tim.thechases.com> |
| Subject | Sanitizing filename strings across platforms |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.2350.1306896665.9059.python-list@python.org> (permalink) |
Scenario: a file-name from potentially untrusted sources may have
odd filenames that need to be sanitized for the underlying OS.
On *nix, this generally just means "don't use '/' or \x00 in your
string", while on Win32, there are a host of verboten characters
and file-names. Then there's also checking the abspath/normpath
of the resulting name to make sure it's still in the intended folder.
I've read through [1] and have started to glom together various
bits from that thread. My current course of action is something like

    import string

    # Device names Win32 reserves (compared case-insensitively below)
    SACRED_WIN32_FNAMES = set(
        ['CON', 'PRN', 'CLOCK$', 'AUX', 'NUL'] +
        ['LPT%i' % i for i in range(32)] +
        ['COM%i' % i for i in range(32)]
        )

    def sanitize_filename(fname):
        # whitelist of characters allowed through; everything else is dropped
        sane = set(string.ascii_letters + string.digits + '-_.[]{}()$')
        results = ''.join(c for c in fname if c in sane)
        # might have to check sans-extension
        if results.upper() in SACRED_WIN32_FNAMES:
            results = "_" + results
        return results

but if somebody already has war-hardened code they'd be willing
to share, I'd appreciate any thoughts.
Thanks,
-tkc
[1] http://stackoverflow.com/questions/295135/turn-a-string-into-a-valid-filename-in-python
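
Added example, not part of the original post or the linked thread: one way to combine the three checks the post lists (character whitelist, reserved Win32 names compared without the extension, and the normalized path staying in the intended folder). The names `RESERVED_WIN32`, `safe_join` and the `fallback` parameter are hypothetical; the reserved list is assumed to be CLOCK$ from the post plus the device names Microsoft documents.

```python
import os
import string

# Assumed reserved set: CON/PRN/AUX/NUL, COM0-9, LPT0-9, plus CLOCK$ from the post.
RESERVED_WIN32 = (
    {"CON", "PRN", "AUX", "NUL", "CLOCK$"}
    | {"COM%d" % i for i in range(10)}
    | {"LPT%d" % i for i in range(10)}
)
SAFE_CHARS = frozenset(string.ascii_letters + string.digits + "-_.[]{}()$")


def sanitize_filename(fname, fallback="_"):
    """Reduce an untrusted name to a single safe path component."""
    # Whitelist filter: drops '/', '\\', ':', NUL bytes and control characters.
    cleaned = "".join(c for c in fname if c in SAFE_CHARS)
    # Win32 strips trailing dots, so "NUL." would otherwise alias "NUL".
    cleaned = cleaned.rstrip(".")
    # "", "." and ".." all collapse to the empty string at this point.
    if not cleaned:
        return fallback
    # Compare the part before the first dot: "aux.tar.gz" still names a device.
    stem = cleaned.split(".", 1)[0]
    if stem.upper() in RESERVED_WIN32:
        cleaned = "_" + cleaned
    return cleaned


def safe_join(base_dir, untrusted_name):
    """Join the sanitized name to base_dir and verify it did not escape."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(
        os.path.join(base, sanitize_filename(untrusted_name)))
    # Second line of defence: also rejects an existing symlink in base_dir
    # that resolves to somewhere outside it.
    if os.path.dirname(candidate) != base:
        raise ValueError("path escapes %r: %r" % (base_dir, untrusted_name))
    return candidate
```
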