assert sanitized and stripped paths

2025-08-10 18:40:53 +00:00 · 2018-08-28 16:19:50 +02:00 · 2018-08-28 16:19:50 +02:00 · 5429f5c1a9
commit 5429f5c1a9
parent c08754cf92
19 changed files with 108 additions and 72 deletions
--- a/radicale/app/move.py
+++ b/radicale/app/move.py
@ -66,8 +66,8 @@ class ApplicationMoveMixin:
            to_item = next(self.Collection.discover(to_path), None)
            if isinstance(to_item, storage.BaseCollection):
                return httputils.FORBIDDEN
-            to_parent_path = pathutils.sanitize_path(
-                "/%s/" % posixpath.dirname(to_path.strip("/")))
+            to_parent_path = pathutils.unstrip_path(
+                posixpath.dirname(pathutils.strip_path(to_path)), True)
            to_collection = next(
                self.Collection.discover(to_parent_path), None)
            if not to_collection:
@ -83,7 +83,7 @@ class ApplicationMoveMixin:
                    to_collection.has_uid(item.uid)):
                return self.webdav_error_response(
                    "C" if tag == "VCALENDAR" else "CR", "no-uid-conflict")
-            to_href = posixpath.basename(to_path.strip("/"))
+            to_href = posixpath.basename(pathutils.strip_path(to_path))
            try:
                self.Collection.move(item, to_collection, to_href)
            except ValueError as e: