diff --git a/homeassistant/util/__init__.py b/homeassistant/util/__init__.py
index db1bbaa9993..d3178cb5ddd 100644
--- a/homeassistant/util/__init__.py
+++ b/homeassistant/util/__init__.py
@@ -33,13 +33,33 @@ RE_SANITIZE_PATH = re.compile(r"(~|\.(\.)+)")
 
 
 def sanitize_filename(filename: str) -> str:
- r"""Sanitize a filename by removing .. / and \\."""
- return RE_SANITIZE_FILENAME.sub("", filename)
+ """Check if a filename is safe.
+
+ Only to be used to compare to original filename to check if changed.
+ If result changed, the given path is not safe and should not be used,
+ raise an error.
+
+ DEPRECATED.
+ """
+ # Backwards compatible fix for misuse of method
+ if RE_SANITIZE_FILENAME.sub("", filename) != filename:
+ return ""
+ return filename
 
 
 def sanitize_path(path: str) -> str:
- """Sanitize a path by removing ~ and .."""
- return RE_SANITIZE_PATH.sub("", path)
+ """Check if a path is safe.
+
+ Only to be used to compare to original path to check if changed.
+ If result changed, the given path is not safe and should not be used,
+ raise an error.
+
+ DEPRECATED.
+ """
+ # Backwards compatible fix for misuse of method
+ if RE_SANITIZE_PATH.sub("", path) != path:
+ return ""
+ return path
 
 
 def slugify(text: str, *, separator: str = "_") -> str:
diff --git a/tests/util/test_init.py b/tests/util/test_init.py
index 2ffca07082b..8ba034b79da 100644
--- a/tests/util/test_init.py
+++ b/tests/util/test_init.py
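Review bot: Both rewritten functions signal rejection by returning `""`, but nothing on the new side raises or warns, so a caller that still uses the return value directly (the misuse the added comment refers to) now receives an empty string, which typically resolves to the base directory itself once it is joined onto one. The docstrings say "raise an error" without saying who raises; I would state the contract explicitly, e.g. `Returns "" when the input contains disallowed sequences; callers must compare the result with the input and reject on mismatch.`, and fix the copy-paste in sanitize_filename's docstring ("the given path" should read "the given filename"). Going by the pattern visible in the hunk header, `RE_SANITIZE_PATH` matches only `~` and runs of two or more dots, so sanitize_path returns an absolute path unchanged; "Check if a path is safe" overstates that, and callers presumably still need a containment check against the intended base directory.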
@@ -11,17 +11,17 @@ import homeassistant.util.dt as dt_util
 def test_sanitize_filename():
 """Test sanitize_filename."""
 assert util.sanitize_filename("test") == "test"
- assert util.sanitize_filename("/test") == "test"
- assert util.sanitize_filename("..test") == "test"
- assert util.sanitize_filename("\\test") == "test"
- assert util.sanitize_filename("\\../test") == "test"
+ assert util.sanitize_filename("/test") == ""
+ assert util.sanitize_filename("..test") == ""
+ assert util.sanitize_filename("\\test") == ""
+ assert util.sanitize_filename("\\../test") == ""
 
 
 def test_sanitize_path():
 """Test sanitize_path."""
 assert util.sanitize_path("test/path") == "test/path"
- assert util.sanitize_path("~test/path") == "test/path"
- assert util.sanitize_path("~/../test/path") == "//test/path"
+ assert util.sanitize_path("~test/path") == ""
+ assert util.sanitize_path("~/../test/path") == ""
 
 
 def test_slugify():
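Review bot: Every rejected input in test_sanitize_path starts with `~`, so the dot-dot alternative of the path pattern is never exercised on its own and a regression in that branch would pass unnoticed. I would add `assert util.sanitize_path("test/../path") == ""` next to the existing cases. A case for the empty string, `assert util.sanitize_filename("") == ""`, would also document that an empty input and a rejected input return the same value, which matters to callers that compare the result with the original.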