sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Mitigate encoding issue with user principal uri 

Signed-off-by: Georg Ehrke <developer@georgehrke.com>
pull/22770/head
Georg Ehrke 2020-09-10 12:55:41 +07:00
parent a89c8a257d
commit b5204a78cc
No known key found for this signature in database
GPG Key ID: 9D98FD9380A1CB43
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/dav/lib/Connector/Sabre/Principal.php
Unescape Escape View File

@ -168,7 +168,11 @@ class Principal implements BackendInterface {
}
if ($prefix === $this->principalPrefix) {
$user = $this->userManager->get($name);
// Depending on where it is called, it may happen that this function
// is called either with a urlencoded version of the name or with a non-urlencoded one.
// The urldecode function replaces %## and +, both of which are forbidden in usernames.
// Hence there can be no ambiguity here and it is safe to call urldecode on all usernames
$user = $this->userManager->get(urldecode($name));
if ($user !== null) {
return $this->userToPrincipal($user);