Make sure the final destination path is always sanitized and trimmed.

Titles coming from RSS and processed by Sorting escaped sanitation.

sabnzbd/misc.py

@@ -265,6 +265,23 @@ def sanitize_foldername(name, limit=True):
 
     return name
 
+#------------------------------------------------------------------------------
+def sanitize_and_trim_path(path):
+    """ Remove illegal characters and trim element size
+    """
+    path = path.replace('\\', '/')
+    parts = path.split('/')
+    if sabnzbd.WIN32 and len(parts[0]) == 2 and ':' in parts[0]:
+        new_path = parts[0]
+        parts.pop(0)
+    elif path.startswith('/'):
+        new_path = '/'
+    else:
+        new_path = ''
+    for part in parts:
+        new_path = os.path.join(new_path, sanitize_foldername(part))
+    return new_path
+
 
 #------------------------------------------------------------------------------
 def flag_file(path, flag, create=False):

sabnzbd/postproc.py

@@ -31,7 +31,7 @@ import re
 from sabnzbd.newsunpack import unpack_magic, par2_repair, external_processing, sfv_check
 from threading import Thread
 from sabnzbd.misc import real_path, get_unique_path, create_dirs, move_to_path, \
-                         make_script_path, \
+                         make_script_path, sanitize_and_trim_path, \
                          on_cleanup_list, renamer, remove_dir, remove_all, globber, \
                          set_permissions, cleanup_empty_directories
 from sabnzbd.tvsort import Sorter
@@ -321,6 +321,8 @@ def process_job(nzo):
             if file_sorter.sort_file:
                 one_folder = False
 
+            complete_dir = sanitize_and_trim_path(complete_dir)
+
             if one_folder:
                 workdir_complete = create_dirs(complete_dir)
             else: