From a12ef691291e04530785125af328776737effe3a Mon Sep 17 00:00:00 2001 From: Unrud Date: Sun, 4 Sep 2016 12:55:28 +0200 Subject: [PATCH] Secure is_safe_filesystem_path_component On Windows 1/2 would be a safe filesystem path component, but it's not safe to pass it to path_to_filesystem. Currently only the get method can be called with a href like that and it checked for that. This just moves the check into the is_safe_filesystem_path_component function. --- radicale/storage.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/radicale/storage.py b/radicale/storage.py index 78d54b9a..8fb5bd28 100644 --- a/radicale/storage.py +++ b/radicale/storage.py @@ -142,7 +142,8 @@ def is_safe_path_component(path): def is_safe_filesystem_path_component(path): - """Check if path is a single component of a filesystem path. + """Check if path is a single component of a local and posix filesystem + path. Check that the path is safe to join too. @@ -150,7 +151,8 @@ def is_safe_filesystem_path_component(path): return ( path and not os.path.splitdrive(path)[0] and not os.path.split(path)[0] and path not in (os.curdir, os.pardir) and - not path.startswith(".") and not path.endswith("~")) + not path.startswith(".") and not path.endswith("~") and + is_safe_path_component(path)) def path_to_filesystem(root, *paths): @@ -628,7 +630,7 @@ class Collection(BaseCollection): def get(self, href): if not href: return None - href = href.strip("{}").replace("/", "_") + href = href.strip("{}") if not is_safe_filesystem_path_component(href): self.logger.debug( "Can't translate name safely to filesystem: %s", href)