[CalendarServer-changes] [7830] CalendarServer/trunk/txdav/caldav/datastore
source_changes at macosforge.org
source_changes at macosforge.org
Thu Jul 28 08:06:21 PDT 2011
Revision: 7830
http://trac.macosforge.org/projects/calendarserver/changeset/7830
Author: cdaboo at apple.com
Date: 2011-07-28 08:06:19 -0700 (Thu, 28 Jul 2011)
Log Message:
-----------
Make sure UIDs mapped to dropbox paths are "safe".
Modified Paths:
--------------
CalendarServer/trunk/txdav/caldav/datastore/test/test_util.py
CalendarServer/trunk/txdav/caldav/datastore/util.py
Modified: CalendarServer/trunk/txdav/caldav/datastore/test/test_util.py
===================================================================
--- CalendarServer/trunk/txdav/caldav/datastore/test/test_util.py 2011-07-27 23:39:57 UTC (rev 7829)
+++ CalendarServer/trunk/txdav/caldav/datastore/test/test_util.py 2011-07-28 15:06:19 UTC (rev 7830)
@@ -242,3 +242,31 @@
)
+ @inlineCallbacks
+ def test_UIDbadPath(self):
+
+ test_UIDs = (
+ ("12345/67890", "12345-67890"),
+ ("http://12345,67890", "12345,67890"),
+ ("https://12345,67890", "12345,67890"),
+ ("12345:67890", "1234567890"),
+ ("12345.67890", "1234567890"),
+ ("12345/6:7.890", "12345-67890"),
+ )
+
+ for uid, result in test_UIDs:
+ resource = DropboxIDTests.FakeCalendarResource("""BEGIN:VCALENDAR
+VERSION:2.0
+BEGIN:VEVENT
+UID:%s
+DTSTART:20071114T000000Z
+ATTENDEE:mailto:user1 at example.com
+ATTENDEE:mailto:user2 at example.com
+END:VEVENT
+END:VCALENDAR
+""" % (uid,))
+
+ self.assertEquals(
+ (yield dropboxIDFromCalendarObject(resource)),
+ "%s.dropbox" % (result,),
+ )
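Review bot: The `test_UIDs` table has no case for a UID containing `..` segments, which is the input most relevant to a path-safety fix. Under the new code such a UID is flattened, so a row like `("../12345", "-12345"),` would lock that behaviour in against regressions. The rows for `12345:67890` and `12345.67890` expect the same dropbox name, so the test also pins a collision between distinct UIDs that probably deserves a deliberate decision. Because the assertion sits in a loop with no message, a failure will not say which UID broke; passing `uid` as the assertion message would fix that.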
Modified: CalendarServer/trunk/txdav/caldav/datastore/util.py
===================================================================
--- CalendarServer/trunk/txdav/caldav/datastore/util.py 2011-07-27 23:39:57 UTC (rev 7829)
+++ CalendarServer/trunk/txdav/caldav/datastore/util.py 2011-07-28 15:06:19 UTC (rev 7830)
@@ -107,7 +107,16 @@
except IndexError:
pass
- returnValue(calendarObject.uid() + ".dropbox")
+ # Return a "safe" version of the UID
+ uid = calendarObject.uid()
+ if uid.startswith("http://"):
+ uid = uid.replace("http://", "")
+ if uid.startswith("https://"):
+ uid = uid.replace("https://", "")
+ uid = uid.replace("/", "-")
+ uid = uid.replace(":", "")
+ uid = uid.replace(".", "")
+ returnValue(uid + ".dropbox")
@inlineCallbacks
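Review bot: The sanitising added before `returnValue` is not injective, so different UIDs can map to the same dropbox path; the test hunk in this commit expects both `12345:67890` and `12345.67890` to yield `1234567890.dropbox`. If dropboxes are looked up by this name, attachments of unrelated events could end up in one collection (inferred, the lookup is not visible here). It is also a denylist of three characters, so backslashes, control characters and `%`, `?` or `#` pass through, and `replace("http://", "")` strips every occurrence rather than only the prefix. An allowlist plus a digest of the original UID whenever something was rewritten keeps names both safe and distinct, as sketched below; it needs `re` and `hashlib` in scope and new expected values in test_UIDbadPath. The enclosing function starts above the hunk.

```python
# Return a "safe" version of the UID
uid = calendarObject.uid()
safe = re.sub(r"[^A-Za-z0-9_,@-]", "-", uid)
if safe != uid:
    # Suffix a digest of the original so distinct UIDs stay distinct
    # (encode first if uid can be unicode)
    safe = "%s-%s" % (safe, hashlib.sha256(uid).hexdigest())
returnValue(safe + ".dropbox")
```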