mirrors/Radicale
1
0
Fork 0
mirror of https://github.com/Kozea/Radicale.git synced 2025-04-04 13:47:37 +03:00
Code Issues Projects Releases Packages Wiki Activity

assert sanitized and stripped paths

Browse source
This commit is contained in:
Unrud 2018-08-28 16:19:50 +02:00
parent c08754cf92
commit 5429f5c1a9
19 changed files with 108 additions and 72 deletions
Download patch file Download diff file Expand all files Collapse all files

3
radicale/xmlutils.py
View file

@ -33,6 +33,8 @@ from collections import OrderedDict
from http import client
from urllib.parse import quote
from radicale import pathutils
MIMETYPES = {
"VADDRESSBOOK": "text/vcard",
"VCALENDAR": "text/calendar"}
@ -118,6 +120,7 @@ def make_response(code):
def make_href(base_prefix, href):
"""Return prefixed href."""
assert href == pathutils.sanitize_path(href)
return quote("%s%s" % (base_prefix, href))