mailman/contribs7/mailman-2.1-CAN-2005-0202.patch

diff -r -u mailman-2.1.5.orig/Mailman/Cgi/private.py mailman-2.1.5/Mailman/Cgi/private.py
--- mailman-2.1.5.orig/Mailman/Cgi/private.py   2003-02-08 02:13:50.000000000 -0500
+++ mailman-2.1.5/Mailman/Cgi/private.py        2005-02-08 11:35:02.272307000 -0500
@@ -18,6 +18,7 @@
 """
 
 import os
+import re
 import sys
 import cgi
 import mimetypes
@@ -39,8 +40,7 @@
 
 def true_path(path):
     "Ensure that the path is safe by removing .."
-    path = path.replace('../', '')
-    path = path.replace('./', '')
+    path = re.sub('\.+/+', '', path)
     return path[1:]
 
 
1	slords	1.1	diff -r -u mailman-2.1.5.orig/Mailman/Cgi/private.py mailman-2.1.5/Mailman/Cgi/private.py
2			--- mailman-2.1.5.orig/Mailman/Cgi/private.py 2003-02-08 02:13:50.000000000 -0500
3			+++ mailman-2.1.5/Mailman/Cgi/private.py 2005-02-08 11:35:02.272307000 -0500
4			@@ -18,6 +18,7 @@
5			"""
6
7			import os
8			+import re
9			import sys
10			import cgi
11			import mimetypes
12			@@ -39,8 +40,7 @@
13
14			def true_path(path):
15			"Ensure that the path is safe by removing .."
16			- path = path.replace('../', '')
17			- path = path.replace('./', '')
18			+ path = re.sub('\.+/+', '', path)
19			return path[1:]
20
21