Hi!
Am Fri, Feb 11, 2005 at 10:06:55AM +0900, Tokio Kikuchi schrieb:
> >Python 1 (respective at least 1.5.2) complains about syntax
> >errors. (Which, in fact, also helps against the vulnerability by
> >displaying the "You've found a Mailman bug" page. ;-)
>
> Change the true_path function as:
>
> def true_path(path):
> "Ensure that the path is safe by removing .."
> import re
> path = re.sub('\.+/+', '', path)
> return path[1:]
>
> and try.
Perfect. Thanks! And I've even learned a little bit more Python today. :-)
> Sorry but I have no 2.0.x around
Probably doesn't matter. The function is exactly the same as in 2.1.5.
> but only found a machine which have working Python 1.x installed.
Thanks for searching.
Kind regards, Axel Beckert
--
-------------------------------------------------------------
Axel Beckert ecos electronic communication services gmbh
it security solutions * web applications with apache and perl
Mail: Tulpenstrasse 5 D-55276 Dienheim near Mainz
E-Mail: [EMAIL PROTECTED] Voice: +49 6133 939-220
WWW: http://www.ecos.de/ Fax: +49 6133 939-333
-------------------------------------------------------------
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
