...d'0h!
Subscriber addresses and passwords have been compromised.
...That's an improvement, but better is to extract and validate the tail of the path to your repository and then anchor the root where it belongs.
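SLASH = '/'

def true_path(path):
    "Ensure that the path is safe by removing .."
    # Drop empty components as well as '.' and '..', so that a doubled
    # leading slash cannot leave an absolute path behind and a path
    # without a leading slash does not lose its first character.
    parts = [x for x in path.split(SLASH) if x not in ('', '.', '..')]
    return SLASH.join(parts)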
- Steve
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
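The approach described in the message above (validate the tail, then anchor it under the root), as an added example that is not part of the original post. The names `UnsafePath`, `clean_tail`, `anchor_path` and `demo` are hypothetical, and the sample request paths are constructed; it goes one step further than the post by resolving symlinks and checking that the result is still inside the root.

```python
import os
import tempfile

SLASH = '/'


class UnsafePath(ValueError):
    """Raised when a requested path cannot be confined to the root."""


def clean_tail(path):
    """Return the relative tail of an untrusted path, without '', '.' or '..'."""
    if '\0' in path:
        raise UnsafePath('NUL byte in path')
    parts = [x for x in path.split(SLASH) if x not in ('', '.', '..')]
    return SLASH.join(parts)


def anchor_path(root, requested):
    """Anchor the validated tail under root and confirm the result stays there."""
    root = os.path.realpath(root)
    tail = clean_tail(requested)
    if not tail:
        raise UnsafePath('empty path')
    # realpath resolves symlinks, so a link inside the root that points
    # outside it is caught by the containment check below.
    candidate = os.path.realpath(os.path.join(root, tail))
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafePath('resolves outside root: %r' % requested)
    return candidate


def demo():
    """Run constructed inputs against a throwaway root; return the results."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, 'module'))
        os.symlink(os.sep, os.path.join(root, 'escape'))  # constructed link to /
        for req in ('/module/file.txt', '../../etc/passwd', '//etc/passwd',
                    'escape/etc/passwd', '/..'):
            try:
                full = anchor_path(root, req)
                results[req] = os.path.relpath(full, os.path.realpath(root))
            except UnsafePath as exc:
                results[req] = 'rejected: %s' % exc
    return results
```

The string filter alone maps `../../etc/passwd` to a harmless path under the root; only the resolved-path check catches the symlink case.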