mirrors/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-04-05 14:17:35 +03:00
Code Issues Projects Releases Packages Wiki Activity

Sanitize URLs from XML requests

Browse source
This commit is contained in:
Unrud 2016-09-04 20:18:44 +02:00
parent 13d652b094
commit 139076faee
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
radicale/xmlutils.py
View file

@ -766,7 +766,8 @@ def report(base_prefix, path, xml_request, collection):
# Read rfc4791-7.9 for info
hreferences = set()
for href_element in root.findall(_tag("D", "href")):
href_path = unquote(urlparse(href_element.text).path)
href_path = storage.sanitize_path(
unquote(urlparse(href_element.text).path))
if (href_path + "/").startswith(base_prefix + "/"):
hreferences.add(href_path[len(base_prefix):])
else: