diff options
| author | Georg Ehrke <developer@georgehrke.com> | 2020-09-10 12:55:41 +0200 |
|---|---|---|
| committer | Georg Ehrke <developer@georgehrke.com> | 2020-09-10 16:00:03 +0200 |
| commit | b5204a78ccd5d8a00e0ac3d7c0e6d1ab5ad5bfe8 (patch) | |
| tree | 8b03a38656d5e797e766d2dd45ce35eb67fb9068 /apps/dav | |
| parent | a89c8a257db7c86d05e2df0f2fc2858e57353739 (diff) | |
| download | nextcloud-server-b5204a78ccd5d8a00e0ac3d7c0e6d1ab5ad5bfe8.tar.gz nextcloud-server-b5204a78ccd5d8a00e0ac3d7c0e6d1ab5ad5bfe8.zip | |
Mitigate encoding issue with user principal uri
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
Diffstat (limited to 'apps/dav')
| -rw-r--r-- | apps/dav/lib/Connector/Sabre/Principal.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php index cfe9a6d7f73..1ddbc1a6083 100644 --- a/apps/dav/lib/Connector/Sabre/Principal.php +++ b/apps/dav/lib/Connector/Sabre/Principal.php @@ -168,7 +168,11 @@ class Principal implements BackendInterface { } if ($prefix === $this->principalPrefix) { - $user = $this->userManager->get($name); + // Depending on where it is called, it may happen that this function + // is called either with a urlencoded version of the name or with a non-urlencoded one. + // The urldecode function replaces %## and +, both of which are forbidden in usernames. + // Hence there can be no ambiguity here and it is safe to call urldecode on all usernames + $user = $this->userManager->get(urldecode($name)); if ($user !== null) { return $this->userToPrincipal($user); |