Mitigate encoding issue with user principal uri

Signed-off-by: Georg Ehrke <developer@georgehrke.com>

diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php
index cfe9a6d7f7317d393d3ad4892a064c40499fb14e..1ddbc1a608309f96207f9710327e014754285fae 100644 (file)
--- a/apps/dav/lib/Connector/Sabre/Principal.php
+++ b/apps/dav/lib/Connector/Sabre/Principal.php
@@ -168,7 +168,11 @@ class Principal implements BackendInterface {
                }
 
                if ($prefix === $this->principalPrefix) {
-                       $user = $this->userManager->get($name);
+                       // Depending on where it is called, it may happen that this function
+                       // is called either with a urlencoded version of the name or with a non-urlencoded one.
+                       // The urldecode function replaces %## and +, both of which are forbidden in usernames.
+                       // Hence there can be no ambiguity here and it is safe to call urldecode on all usernames
+                       $user = $this->userManager->get(urldecode($name));
 
                        if ($user !== null) {
                                return $this->userToPrincipal($user);