From: Julien Veyssier <julien-nc@posteo.net>
Date: Thu, 9 Feb 2023 13:33:19 +0000 (+0100)
Subject: safer URL match in FileReferenceProvider
X-Git-Tag: v26.0.0beta4~35^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Fpull%2F36637%2Fhead;p=nextcloud-server.git

safer URL match in FileReferenceProvider

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
---

diff --git a/lib/private/Collaboration/Reference/File/FileReferenceProvider.php b/lib/private/Collaboration/Reference/File/FileReferenceProvider.php
index 4e6c7ea623f..95e49cdf860 100644
--- a/lib/private/Collaboration/Reference/File/FileReferenceProvider.php
+++ b/lib/private/Collaboration/Reference/File/FileReferenceProvider.php
@@ -62,21 +62,21 @@ class FileReferenceProvider implements IReferenceProvider {
 	}
 
 	private function getFilesAppLinkId(string $referenceText): ?int {
-		$start = $this->urlGenerator->getAbsoluteURL('/apps/files');
-		$startIndex = $this->urlGenerator->getAbsoluteURL('/index.php/apps/files');
+		$start = $this->urlGenerator->getAbsoluteURL('/apps/files/');
+		$startIndex = $this->urlGenerator->getAbsoluteURL('/index.php/apps/files/');
 
 		$fileId = null;
 
 		if (mb_strpos($referenceText, $start) === 0) {
 			$parts = parse_url($referenceText);
-			parse_str($parts['query'], $query);
+			parse_str($parts['query'] ?? '', $query);
 			$fileId = isset($query['fileid']) ? (int)$query['fileid'] : $fileId;
 			$fileId = isset($query['openfile']) ? (int)$query['openfile'] : $fileId;
 		}
 
 		if (mb_strpos($referenceText, $startIndex) === 0) {
 			$parts = parse_url($referenceText);
-			parse_str($parts['query'], $query);
+			parse_str($parts['query'] ?? '', $query);
 			$fileId = isset($query['fileid']) ? (int)$query['fileid'] : $fileId;
 			$fileId = isset($query['openfile']) ? (int)$query['openfile'] : $fileId;
 		}