aboutsummaryrefslogblamecommitdiffstats
path: root/admin/www/CAN-2005-0202.txt
blob: 4c8cd240b8a4d110e20e5744feabc5313840b3c3 (plain) (tree) 
b2a8ab50


































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34


































                                                                   
Index: private.py
===================================================================
RCS file: /cvsroot/mailman/mailman/Mailman/Cgi/private.py,v
retrieving revision 2.16.2.1
diff -u -r2.16.2.1 private.py
--- private.py	8 Feb 2003 07:13:50 -0000	2.16.2.1
+++ private.py	10 Feb 2005 03:34:21 -0000
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2003 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2005 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -35,13 +35,17 @@
 _ = i18n._
 i18n.set_language(mm_cfg.DEFAULT_SERVER_LANGUAGE)
 
+SLASH = '/'
+
 
 
 def true_path(path):
     "Ensure that the path is safe by removing .."
-    path = path.replace('../', '')
-    path = path.replace('./', '')
-    return path[1:]
+    parts = path.split(SLASH)
+    safe = [x for x in parts if x not in ('.', '..')]
+    if parts <> safe:
+        syslog('mischief', 'Directory traversal attack thwarted')
+    return SLASH.join(safe)[1:]
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 01:30:03 +0000