diff options
| -rw-r--r-- | borg/remote.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/borg/remote.py b/borg/remote.py index 6a611019c..472d1ac36 100644 --- a/borg/remote.py +++ b/borg/remote.py @@ -120,8 +120,13 @@ class RepositoryServer: # pragma: no cover path = path[1:] path = os.path.realpath(os.path.expanduser(path)) if self.restrict_to_paths: + # if --restrict-to-path P is given, we make sure that we only operate in/below path P. + # for the prefix check, it is important that the compared pathes both have trailing slashes, + # so that a path /foobar will NOT be accepted with --restrict-to-path /foo option. + path_with_sep = os.path.join(path, '') # make sure there is a trailing slash (os.sep) for restrict_to_path in self.restrict_to_paths: - if path.startswith(os.path.realpath(restrict_to_path)): + restrict_to_path_with_sep = os.path.join(os.path.realpath(restrict_to_path), '') # trailing slash + if path_with_sep.startswith(restrict_to_path_with_sep): break else: raise PathNotAllowed(path) |