--- a/src/server/plugins/postgresql/webdav.c	Sat May 14 10:49:04 2022 +0200
+++ b/src/server/plugins/postgresql/webdav.c	Sat May 14 11:18:14 2022 +0200
@@ -523,12 +523,17 @@
                 log_ereport(LOG_FAILURE, "pg_dav_propfind_do: query returned invalid path");
                 return 1;
             }
-            char *newres_href = pool_malloc(pool, pathlen+2);
-            memcpy(newres_href, path, pathlen);
+            if(pathlen > PG_MAX_PATH_LEN) {
+                log_ereport(LOG_FAILURE, "pg_dav_propfind_do: path too long: resource_id: %s", res_id);
+                return 1;
+            }
+            char *newres_href = pool_malloc(pool, (pathlen*3)+2);
+            util_uri_escape(newres_href, path);
             if(iscollection && path[pathlen-1] != '/') {
-                newres_href[pathlen++] = '/';
+                size_t newres_href_len = strlen(newres_href);
+                newres_href[newres_href_len] = '/';
+                newres_href[newres_href_len+1] = '\0';
             }
-            newres_href[pathlen] = '\0';
             
             // new resource
             resource = response->addresource(response, newres_href);