--- Begin Message ---David Morse <[EMAIL PROTECTED]> wrote: > >If I look at the logs, this seems to be the problem > >admin(1853): File "/usr/lib/mailman/Mailman/Cgi/private.py", line 42, >in true_path >admin(1853): parts = [x for x in path.split(SLASH) if x not in ('.', >'..')] >admin(1853): NameError: global name 'SLASH' is not defined > >here's the source: > >def true_path(path): > "Ensure that the path is safe by removing .." > parts = [x for x in path.split(SLASH) if x not in ('.', '..')] > return '/'.join(parts)[1:] > >What do the learned developers think of replacing SLASH with '/' or >something? I'm just guessing here...It appears that someone attempted to apply the patch at http://www.list.org/CAN-2005-0202.txt or some other version thereof and has left out the definition of SLASH. See the above URL for the full patch. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
--- End Message ---
Our version has not exactly this patch, but anyway adding the definition
of SLASH='/' gets the arciving working again. Donno about the security
issues though.
