@@ -539,7 +539,7 @@ provided. They rely on the :mod:`zipfile` and :mod:`tarfile` modules.
539539 Remove the archive format *name * from the list of supported formats.
540540
541541
542- .. function :: unpack_archive(filename[, extract_dir[, format]])
542+ .. function :: unpack_archive(filename[, extract_dir[, format[, filter] ]])
543543
544544 Unpack an archive. *filename * is the full path of the archive.
545545
@@ -553,9 +553,27 @@ provided. They rely on the :mod:`zipfile` and :mod:`tarfile` modules.
553553 registered for that extension. In case none is found,
554554 a :exc: `ValueError ` is raised.
555555
556+ The keyword-only *filter * argument, which was added in Python 3.7.17,
557+ is passed to the underlying unpacking function.
558+ For zip files, *filter * is not accepted.
559+ For tar files, it is recommended to set it to ``'data' ``,
560+ unless using features specific to tar and UNIX-like filesystems.
561+ (See :ref: `tarfile-extraction-filter ` for details.)
562+ The ``'data' `` filter will become the default for tar files
563+ in Python 3.14.
564+
565+ .. warning ::
566+
567+ Never extract archives from untrusted sources without prior inspection.
568+ It is possible that files are created outside of the path specified in
569+ the *extract_dir * argument, e.g. members that have absolute filenames
570+ starting with "/" or filenames with two dots "..".
571+
556572 .. versionchanged :: 3.7
557573 Accepts a :term: `path-like object ` for *filename * and *extract_dir *.
558574
575+ .. versionchanged :: 3.7.17
576+ Added the *filter * argument.
559577
560578.. function :: register_unpack_format(name, extensions, function[, extra_args[, description]])
561579
@@ -564,11 +582,14 @@ provided. They rely on the :mod:`zipfile` and :mod:`tarfile` modules.
564582 ``.zip `` for Zip files.
565583
566584 *function * is the callable that will be used to unpack archives. The
567- callable will receive the path of the archive, followed by the directory
568- the archive must be extracted to.
569-
570- When provided, *extra_args * is a sequence of ``(name, value) `` tuples that
571- will be passed as keywords arguments to the callable.
585+ callable will receive:
586+
587+ - the path of the archive, as a positional argument;
588+ - the directory the archive must be extracted to, as a positional argument;
589+ - possibly a *filter * keyword argument, if it was given to
590+ :func: `unpack_archive `;
591+ - additional keyword arguments, specified by *extra_args * as a sequence
592+ of ``(name, value) `` tuples.
572593
573594 *description * can be provided to describe the format, and will be returned
574595 by the :func: `get_unpack_formats ` function.
0 commit comments