Bug #1413790: zipfile now sanitizes absolute archive names that are

not allowed by the specs.

2 files changed, 15 insertions, 3 deletions

diff --git a/Lib/test/test_zipfile.py b/Lib/test/test_zipfile.py
index 57e7423..9fadc30 100644
--- a/Lib/test/test_zipfile.py
+++ b/Lib/test/test_zipfile.py
@@ -45,6 +45,16 @@ class TestsWithSourceFile(unittest.TestCase):
             for f in (TESTFN2, TemporaryFile(), StringIO()):
                 self.zipTest(f, zipfile.ZIP_DEFLATED)
 
+    def testAbsoluteArcnames(self):
+        zipfp = zipfile.ZipFile(TESTFN2, "w", zipfile.ZIP_STORED)
+        zipfp.write(TESTFN, "/absolute")
+        zipfp.close()
+
+        zipfp = zipfile.ZipFile(TESTFN2, "r", zipfile.ZIP_STORED)
+        self.assertEqual(zipfp.namelist(), ["absolute"])
+        zipfp.close()
+        
+
     def tearDown(self):
         os.remove(TESTFN)
         os.remove(TESTFN2)
diff --git a/Lib/zipfile.py b/Lib/zipfile.py
index 037843c..168d245 100644
--- a/Lib/zipfile.py
+++ b/Lib/zipfile.py
@@ -397,9 +397,11 @@ class ZipFile:
         date_time = mtime[0:6]
         # Create ZipInfo instance to store file information
         if arcname is None:
-            zinfo = ZipInfo(filename, date_time)
-        else:
-            zinfo = ZipInfo(arcname, date_time)
+            arcname = filename
+        arcname = os.path.normpath(os.path.splitdrive(arcname)[1])
+        while arcname[0] in (os.sep, os.altsep):
+            arcname = arcname[1:]
+        zinfo = ZipInfo(arcname, date_time)
         zinfo.external_attr = (st[0] & 0xFFFF) << 16L      # Unix attributes
         if compress_type is None:
             zinfo.compress_type = self.compression