Skip to content

Commit

Permalink
* Corrected is_prefix backwardsness in pywebdav/utils.py (thanks, mik…
Browse files Browse the repository at this point in the history
…2k2!)

* Fixed a bug where attempting to move a collection to itself would result in homicide.
  • Loading branch information
jaysonlarose authored and andrewleech committed Dec 30, 2022
1 parent d2a293e commit a810f9e
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 4 deletions.
5 changes: 3 additions & 2 deletions pywebdav/lib/davmove.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
from .constants import COLLECTION, OBJECT, DAV_PROPS
from .constants import RT_ALLPROP, RT_PROPNAME, RT_PROP
from .errors import *
from .utils import create_treelist, quote_uri, gen_estring, make_xmlresponse
from .utils import create_treelist, quote_uri, gen_estring, make_xmlresponse, is_prefix
from .davcmd import moveone, movetree

class MOVE:
Expand Down Expand Up @@ -65,7 +65,8 @@ def tree_action(self):
# (we assume that both uris are on the same server!)
ps=urllib.parse.urlparse(self.__src)[2]
pd=urllib.parse.urlparse(self.__dst)[2]
if ps==pd: raise DAV_Error(403)
if is_prefix(ps, pd):
raise DAV_Error(403)

result=dc.movetree(self.__src,self.__dst,self.__overwrite)
if not result: return None
Expand Down
4 changes: 2 additions & 2 deletions pywebdav/lib/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -75,10 +75,10 @@ def create_treelist(dataclass,uri):
return list

def is_prefix(uri1,uri2):
""" returns 1 of uri1 is a prefix of uri2 """
""" returns 1 if uri1 is a prefix of uri2 """
path1 = urllib.parse.urlparse(uri1).path
path2 = urllib.parse.urlparse(uri2).path
return os.path.commonpath([path1, path2]) == path2
return os.path.commonpath([path1, path2]) == path1

def quote_uri(uri):
""" quote an URL but not the protocol part """
Expand Down

0 comments on commit a810f9e

Please sign in to comment.