Copy the mm21 admin directory out of the mm21 branch. We'll svn

external the latter to get that back into the release, but I really
don't want to maintain multiple copies of the web pages.

1 files changed, 0 insertions, 34 deletions

diff --git a/admin/www/CAN-2005-0202.txt b/admin/www/CAN-2005-0202.txt
deleted file mode 100644
index 4c8cd240..00000000
--- a/admin/www/CAN-2005-0202.txt
+++ /dev/null
@@ -1,34 +0,0 @@
-Index: private.py
-===================================================================
-RCS file: /cvsroot/mailman/mailman/Mailman/Cgi/private.py,v
-retrieving revision 2.16.2.1
-diff -u -r2.16.2.1 private.py
---- private.py	8 Feb 2003 07:13:50 -0000	2.16.2.1
-+++ private.py	10 Feb 2005 03:34:21 -0000
-@@ -1,4 +1,4 @@
--# Copyright (C) 1998-2003 by the Free Software Foundation, Inc.
-+# Copyright (C) 1998-2005 by the Free Software Foundation, Inc.
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License
-@@ -35,13 +35,17 @@
- _ = i18n._
- i18n.set_language(mm_cfg.DEFAULT_SERVER_LANGUAGE)
- 
-+SLASH = '/'
-+
- 
- 
- def true_path(path):
-     "Ensure that the path is safe by removing .."
--    path = path.replace('../', '')
--    path = path.replace('./', '')
--    return path[1:]
-+    parts = path.split(SLASH)
-+    safe = [x for x in parts if x not in ('.', '..')]
-+    if parts <> safe:
-+        syslog('mischief', 'Directory traversal attack thwarted')
-+    return SLASH.join(safe)[1:]
- 
- 
-