diff options
| author | Morris Jobke <hey@morrisjobke.de> | 2020-09-14 17:16:29 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-09-14 17:16:29 +0200 |
| commit | cff44e4924e1d949ddd2b45582ef503a51a9d7c5 (patch) | |
| tree | 0678d6947d3cc63bdeb4a46ad4c9c990f81a2b0d | |
| parent | 5b8f18e3c0df762e1cdb07cff357cef5d95f63ac (diff) | |
| parent | 0322268f1338addfce6c0b2d2ff5f8c082d48e84 (diff) | |
| download | nextcloud-server-cff44e4924e1d949ddd2b45582ef503a51a9d7c5.tar.gz nextcloud-server-cff44e4924e1d949ddd2b45582ef503a51a9d7c5.zip | |
Merge pull request #22841 from nextcloud/backport/22770/stable18
[stable18] Mitigate encoding issue with user principal uri
| -rw-r--r-- | apps/dav/lib/Connector/Sabre/Principal.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php index 449275e982f..2e5717f44a6 100644 --- a/apps/dav/lib/Connector/Sabre/Principal.php +++ b/apps/dav/lib/Connector/Sabre/Principal.php @@ -168,7 +168,11 @@ class Principal implements BackendInterface { } if ($prefix === $this->principalPrefix) { - $user = $this->userManager->get($name); + // Depending on where it is called, it may happen that this function + // is called either with a urlencoded version of the name or with a non-urlencoded one. + // The urldecode function replaces %## and +, both of which are forbidden in usernames. + // Hence there can be no ambiguity here and it is safe to call urldecode on all usernames + $user = $this->userManager->get(urldecode($name)); if ($user !== null) { return $this->userToPrincipal($user); |