From: Georg Ehrke <developer@georgehrke.com>
Date: Thu, 10 Sep 2020 10:55:41 +0000 (+0200)
Subject: Mitigate encoding issue with user principal uri
X-Git-Tag: v20.0.0RC1~40^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=b5204a78ccd5d8a00e0ac3d7c0e6d1ab5ad5bfe8;p=nextcloud-server.git

Mitigate encoding issue with user principal uri

Signed-off-by: Georg Ehrke <developer@georgehrke.com>
---

diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php
index cfe9a6d7f73..1ddbc1a6083 100644
--- a/apps/dav/lib/Connector/Sabre/Principal.php
+++ b/apps/dav/lib/Connector/Sabre/Principal.php
@@ -168,7 +168,11 @@ class Principal implements BackendInterface {
 		}
 
 		if ($prefix === $this->principalPrefix) {
-			$user = $this->userManager->get($name);
+			// Depending on where it is called, it may happen that this function
+			// is called either with a urlencoded version of the name or with a non-urlencoded one.
+			// The urldecode function replaces %## and +, both of which are forbidden in usernames.
+			// Hence there can be no ambiguity here and it is safe to call urldecode on all usernames
+			$user = $this->userManager->get(urldecode($name));
 
 			if ($user !== null) {
 				return $this->userToPrincipal($user);