Error if SCRIPT_NAME ends with '/'

2025-08-01 18:18:31 +00:00 · 2022-01-21 19:56:57 +01:00 · 2022-01-21 19:56:57 +01:00 · 3763ed46c4
commit 3763ed46c4
parent 7fde7d5005
2 changed files with 14 additions and 0 deletions
--- a/radicale/app/init.py
+++ b/radicale/app/init.py
@ -191,6 +191,12 @@ class Application(ApplicationPartDelete, ApplicationPartHead,
        base_prefix_src = ("HTTP_X_SCRIPT_NAME" if "HTTP_X_SCRIPT_NAME" in
                           environ else "SCRIPT_NAME")
        base_prefix = environ.get(base_prefix_src, "")
+        if base_prefix.endswith("/"):
+            logger.error("Base prefix (from %s) must not end with '/': %r",
+                         base_prefix_src, base_prefix)
+            if base_prefix_src == "HTTP_X_SCRIPT_NAME":
+                return response(*httputils.BAD_REQUEST)
+            return response(*httputils.INTERNAL_SERVER_ERROR)
        logger.debug("Base prefix (from %s): %r", base_prefix_src, base_prefix)
        # Sanitize request URI (a WSGI server indicates with an empty path,
        # that the URL targets the application root without a trailing slash)