|
Lines 93-98
Link Here
|
| 93 |
# |
93 |
# |
| 94 |
# The former two are for 2.1alpha3 and beyond, while the latter two are |
94 |
# The former two are for 2.1alpha3 and beyond, while the latter two are |
| 95 |
# for all earlier versions. |
95 |
# for all earlier versions. |
|
|
96 |
# |
| 97 |
# But first ensure the list name doesn't contain a path traversal |
| 98 |
# attack. |
| 99 |
if len(re.sub(mm_cfg.ACCEPTABLE_LISTNAME_CHARACTERS, '', listname)) > 0: |
| 100 |
syslog('mischief', 'Hostile listname: %s', listname) |
| 101 |
return False |
| 96 |
basepath = Site.get_listpath(listname) |
102 |
basepath = Site.get_listpath(listname) |
| 97 |
for ext in ('.pck', '.pck.last', '.db', '.db.last'): |
103 |
for ext in ('.pck', '.pck.last', '.db', '.db.last'): |
| 98 |
dbfile = os.path.join(basepath, 'config' + ext) |
104 |
dbfile = os.path.join(basepath, 'config' + ext) |