[Apt-proxy-users] Error in /../ path check in apt-proxy-v2

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

There seems to be an error in the /../ security check in apt_proxy.py in
apt-proxy-v2, around line 1164 in the current CVS version the following
can be found:

        if re.search('/../', self.uri):
            log.debug("/../ in simplified uri ("+self.uri+")")
            self.finishCode(http.FORBIDDEN)
            return

however, since (I believe, I've never written/read python b4) a regular
expression check, and '.' matches anything in a regular expression the
/../ is actually picking up on any directory of 2 characters. This is
causing a request to be rejected if you try to install packages with a 2
char name (such as 'bc' and 'dc'), changing that line to instead read:

        if re.search('/\.\./', self.uri):

seems to resolve the problem.

-- 
Simon Hyde
[insert pointless signature here]