oss/Radicale
oss/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-06-26 16:45:52 +00:00
Code Wiki Activity

Sanitize URLs from XML requests

Browse source
This commit is contained in:
Unrud 2016-09-04 20:18:44 +02:00
parent 13d652b094
commit 139076faee
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
radicale/xmlutils.py
View file

@ -766,7 +766,8 @@ def report(base_prefix, path, xml_request, collection):
# Read rfc4791-7.9 for info # Read rfc4791-7.9 for info
hreferences = set() hreferences = set()
for href_element in root.findall(_tag("D", "href")): for href_element in root.findall(_tag("D", "href")):
href_path = unquote(urlparse(href_element.text).path) href_path = storage.sanitize_path(
unquote(urlparse(href_element.text).path))
if (href_path + "/").startswith(base_prefix + "/"): if (href_path + "/").startswith(base_prefix + "/"):
hreferences.add(href_path[len(base_prefix):]) hreferences.add(href_path[len(base_prefix):])
else: else: