--- Mailman/Cgi/private.py.orig	2005-02-08 19:39:44.980596944 -0800
+++ Mailman/Cgi/private.py	2005-02-08 19:40:52.834281616 -0800
@@ -37,11 +37,12 @@
 
 
 
+SLASH = '/'
+
 def true_path(path):
     "Ensure that the path is safe by removing .."
-    path = path.replace('../', '')
-    path = path.replace('./', '')
-    return path[1:]
+    parts = [x for x in path.split(SLASH) if x not in ('.', '..')]
+    return SLASH.join(parts)[1:]