From 6b7e79a368be86d266c51cf50915324490a1b728 Mon Sep 17 00:00:00 2001
From: Unrud <unrud@openaliasbox.org>
Date: Thu, 24 Dec 2015 10:07:04 +0100
Subject: [PATCH] Use sanitize_path instead of normpath See
 a7b47f075499a1e1b40539bc1fa872a3ab77a204 The check for "." is now needless
 because the sane path is always absolute. ```path.replace(os.sep, "/")``` is
 only relevant for the (multi)filesystem backend and should be there.

---
 radicale/ical.py | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/radicale/ical.py b/radicale/ical.py
index 46fb419..e6cb1ee 100644
--- a/radicale/ical.py
+++ b/radicale/ical.py
@@ -26,13 +26,14 @@ Define the main classes of a collection as seen from the server.
 """
 
 import os
-import posixpath
 import hashlib
 import re
 from uuid import uuid4
 from random import randint
 from contextlib import contextmanager
 
+from . import pathutils
+
 
 def serialize(tag, headers=(), items=()):
     """Return a text corresponding to given collection ``tag``.
@@ -183,8 +184,9 @@ class Collection(object):
 
         """
         self.encoding = "utf-8"
-        split_path = path.split("/")
-        self.path = path if path != "." else ""
+        # path should already be sanitized
+        self.path = pathutils.sanitize_path(path).strip("/")
+        split_path = self.path.split("/")
         if principal and split_path and self.is_node(self.path):
             # Already existing principal collection
             self.owner = split_path[0]
@@ -215,8 +217,8 @@ class Collection(object):
         if path is None:
             return []
 
-        # First do normpath and then strip, to prevent access to FOLDER/../
-        sane_path = posixpath.normpath(path.replace(os.sep, "/")).strip("/")
+        # path should already be sanitized
+        sane_path = pathutils.sanitize_path(path).strip("/")
         attributes = sane_path.split("/")
         if not attributes:
             return []