assert sanitized and stripped paths

radicale/rights/authenticated.py

@@ -27,7 +27,7 @@ class Rights(rights.BaseRights):
     def authorized(self, user, path, permissions):
         if self._verify_user and not user:
             return ""
-        sane_path = pathutils.sanitize_path(path).strip("/")
+        sane_path = pathutils.strip_path(path)
         if "/" not in sane_path:
             return rights.intersect_permissions(permissions, "RW")
         if sane_path.count("/") == 1:

radicale/rights/from_file.py

@@ -30,7 +30,7 @@ class Rights(rights.BaseRights):
 
     def authorized(self, user, path, permissions):
         user = user or ""
-        sane_path = pathutils.sanitize_path(path).strip("/")
+        sane_path = pathutils.strip_path(path)
         # Prevent "regex injection"
         user_escaped = re.escape(user)
         sane_path_escaped = re.escape(sane_path)

radicale/rights/owner_only.py

@@ -23,7 +23,7 @@ class Rights(authenticated.Rights):
     def authorized(self, user, path, permissions):
         if self._verify_user and not user:
             return ""
-        sane_path = pathutils.sanitize_path(path).strip("/")
+        sane_path = pathutils.strip_path(path)
         if not sane_path:
             return rights.intersect_permissions(permissions, "R")
         if self._verify_user and user != sane_path.split("/", maxsplit=1)[0]:

radicale/rights/owner_write.py

@@ -23,7 +23,7 @@ class Rights(authenticated.Rights):
     def authorized(self, user, path, permissions):
         if self._verify_user and not user:
             return ""
-        sane_path = pathutils.sanitize_path(path).strip("/")
+        sane_path = pathutils.strip_path(path)
         if not sane_path:
             return rights.intersect_permissions(permissions, "R")
         if self._verify_user: