Sanitize URLs from XML requests

This commit is contained in:
Unrud 2016-09-04 20:18:44 +02:00
parent 13d652b094
commit 139076faee

View File

@ -766,7 +766,8 @@ def report(base_prefix, path, xml_request, collection):
# Read rfc4791-7.9 for info # Read rfc4791-7.9 for info
hreferences = set() hreferences = set()
for href_element in root.findall(_tag("D", "href")): for href_element in root.findall(_tag("D", "href")):
href_path = unquote(urlparse(href_element.text).path) href_path = storage.sanitize_path(
unquote(urlparse(href_element.text).path))
if (href_path + "/").startswith(base_prefix + "/"): if (href_path + "/").startswith(base_prefix + "/"):
hreferences.add(href_path[len(base_prefix):]) hreferences.add(href_path[len(base_prefix):])
else: else: