From c7d5d1d93b630e352abd9a0c93ea6d34c443f444 Mon Sep 17 00:00:00 2001
From: Pablo Galindo Salgado <Pablogsal@gmail.com>
Date: Wed, 9 Oct 2024 23:30:56 +0100
Subject: gh-125140: Remove the current directory from sys.path when using
 pyrepl (GH-125212)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Pablo Galindo <pablogsal@gmail.com>
Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
---
 Lib/site.py                                                   | 11 ++++++++---
 .../Security/2024-10-09-20-08-13.gh-issue-125140.YgNWRB.rst   |  1 +
 2 files changed, 9 insertions(+), 3 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2024-10-09-20-08-13.gh-issue-125140.YgNWRB.rst

diff --git a/Lib/site.py b/Lib/site.py
index b3194d7..07a6361 100644
--- a/Lib/site.py
+++ b/Lib/site.py
@@ -503,9 +503,14 @@ def register_readline():
         if PYTHON_BASIC_REPL:
             CAN_USE_PYREPL = False
         else:
-            import _pyrepl.readline
-            import _pyrepl.unix_console
-            from _pyrepl.main import CAN_USE_PYREPL
+            original_path = sys.path
+            sys.path = [p for p in original_path if p != '']
+            try:
+                import _pyrepl.readline
+                import _pyrepl.unix_console
+                from _pyrepl.main import CAN_USE_PYREPL
+            finally:
+                sys.path = original_path
     except ImportError:
         return
 
diff --git a/Misc/NEWS.d/next/Security/2024-10-09-20-08-13.gh-issue-125140.YgNWRB.rst b/Misc/NEWS.d/next/Security/2024-10-09-20-08-13.gh-issue-125140.YgNWRB.rst
new file mode 100644
index 0000000..f4a4930
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2024-10-09-20-08-13.gh-issue-125140.YgNWRB.rst
@@ -0,0 +1 @@
+Remove the current directory from ``sys.path`` when using PyREPL.
-- 
cgit v0.12