[CalendarServer-changes] [7830] CalendarServer/trunk/txdav/caldav/datastore

source_changes at macosforge.org source_changes at macosforge.org
Thu Jul 28 08:06:21 PDT 2011 

Revision: 7830
          http://trac.macosforge.org/projects/calendarserver/changeset/7830
Author:   cdaboo at apple.com
Date:     2011-07-28 08:06:19 -0700 (Thu, 28 Jul 2011)
Log Message:
-----------
Make sure UIDs mapped to dropbox paths are "safe".

Modified Paths:
--------------
    CalendarServer/trunk/txdav/caldav/datastore/test/test_util.py
    CalendarServer/trunk/txdav/caldav/datastore/util.py

Modified: CalendarServer/trunk/txdav/caldav/datastore/test/test_util.py
===================================================================
--- CalendarServer/trunk/txdav/caldav/datastore/test/test_util.py	2011-07-27 23:39:57 UTC (rev 7829)
+++ CalendarServer/trunk/txdav/caldav/datastore/test/test_util.py	2011-07-28 15:06:19 UTC (rev 7830)
@@ -242,3 +242,31 @@
         )
 
 
+    @inlineCallbacks
+    def test_UIDbadPath(self):
+        
+        test_UIDs = (
+            ("12345/67890", "12345-67890"),
+            ("http://12345,67890", "12345,67890"),
+            ("https://12345,67890", "12345,67890"),
+            ("12345:67890", "1234567890"),
+            ("12345.67890", "1234567890"),
+            ("12345/6:7.890", "12345-67890"),
+        )
+
+        for uid, result in test_UIDs:
+            resource = DropboxIDTests.FakeCalendarResource("""BEGIN:VCALENDAR
+VERSION:2.0
+BEGIN:VEVENT
+UID:%s
+DTSTART:20071114T000000Z
+ATTENDEE:mailto:user1 at example.com
+ATTENDEE:mailto:user2 at example.com
+END:VEVENT
+END:VCALENDAR
+""" % (uid,))
+    
+            self.assertEquals(
+                (yield dropboxIDFromCalendarObject(resource)),
+                "%s.dropbox" % (result,),
+            )

Modified: CalendarServer/trunk/txdav/caldav/datastore/util.py
===================================================================
--- CalendarServer/trunk/txdav/caldav/datastore/util.py	2011-07-27 23:39:57 UTC (rev 7829)
+++ CalendarServer/trunk/txdav/caldav/datastore/util.py	2011-07-28 15:06:19 UTC (rev 7830)
@@ -107,7 +107,16 @@
             except IndexError:
                 pass
 
-    returnValue(calendarObject.uid() + ".dropbox")
+    # Return a "safe" version of the UID
+    uid = calendarObject.uid()
+    if uid.startswith("http://"):
+        uid = uid.replace("http://", "")
+    if uid.startswith("https://"):
+        uid = uid.replace("https://", "")
+    uid = uid.replace("/", "-")
+    uid = uid.replace(":", "")
+    uid = uid.replace(".", "")
+    returnValue(uid + ".dropbox")
 
 
 @inlineCallbacks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20110728/bde05255/attachment.html>

More information about the calendarserver-changes mailing list