assert sanitized and stripped paths

2025-08-07 18:30:54 +00:00 · 2018-08-28 16:19:50 +02:00 · 2018-08-28 16:19:50 +02:00 · 5429f5c1a9
commit 5429f5c1a9
parent c08754cf92
19 changed files with 108 additions and 72 deletions
--- a/radicale/rights/from_file.py
+++ b/radicale/rights/from_file.py
@ -30,7 +30,7 @@ class Rights(rights.BaseRights):

    def authorized(self, user, path, permissions):
        user = user or ""
-        sane_path = pathutils.sanitize_path(path).strip("/")
+        sane_path = pathutils.strip_path(path)
        # Prevent "regex injection"
        user_escaped = re.escape(user)
        sane_path_escaped = re.escape(sane_path)