From 5252836f44c79d4aad86f4de46be028e68f728cf Mon Sep 17 00:00:00 2001 From: Julius Härtl Date: Thu, 19 Mar 2020 16:02:26 +0100 Subject: Make sure the group id parameter gets properly encoded when used in URLs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Julius Härtl --- apps/settings/src/components/UserList.vue | 3 +++ apps/settings/src/store/users.js | 6 +++--- apps/settings/src/views/Users.vue | 9 ++++++--- 3 files changed, 12 insertions(+), 6 deletions(-) (limited to 'apps/settings') diff --git a/apps/settings/src/components/UserList.vue b/apps/settings/src/components/UserList.vue index 134935fdc9c..4498b6eba32 100644 --- a/apps/settings/src/components/UserList.vue +++ b/apps/settings/src/components/UserList.vue @@ -312,6 +312,9 @@ export default { settings() { return this.$store.getters.getServerData }, + selectedGroupDecoded() { + return decodeURIComponent(this.selectedGroup) + }, filteredUsers() { if (this.selectedGroup === 'disabled') { return this.users.filter(user => user.enabled === false) diff --git a/apps/settings/src/store/users.js b/apps/settings/src/store/users.js index 52131fbfd63..83bc32d7b6a 100644 --- a/apps/settings/src/store/users.js +++ b/apps/settings/src/store/users.js @@ -205,7 +205,7 @@ const actions = { search = typeof search === 'string' ? search : '' group = typeof group === 'string' ? group : '' if (group !== '') { - return api.get(OC.linkToOCS(`cloud/groups/${encodeURIComponent(group)}/users/details?offset=${offset}&limit=${limit}&search=${search}`, 2)) + return api.get(OC.linkToOCS(`cloud/groups/${encodeURIComponent(encodeURIComponent(group))}/users/details?offset=${offset}&limit=${limit}&search=${search}`, 2)) .then((response) => { if (Object.keys(response.data.ocs.data.users).length > 0) { context.commit('appendUsers', response.data.ocs.data.users) @@ -275,7 +275,7 @@ const actions = { * @returns {Promise} */ getUsersFromGroup(context, { groupid, offset, limit }) { - return api.get(OC.linkToOCS(`cloud/users/${encodeURIComponent(groupid)}/details?offset=${offset}&limit=${limit}`, 2)) + return api.get(OC.linkToOCS(`cloud/users/${encodeURIComponent(encodeURIComponent(groupid))}/details?offset=${offset}&limit=${limit}`, 2)) .then((response) => context.commit('getUsersFromList', response.data.ocs.data.users)) .catch((error) => context.commit('API_FAILURE', error)) }, @@ -320,7 +320,7 @@ const actions = { */ removeGroup(context, gid) { return api.requireAdmin().then((response) => { - return api.delete(OC.linkToOCS(`cloud/groups/${encodeURIComponent(gid)}`, 2)) + return api.delete(OC.linkToOCS(`cloud/groups/${encodeURIComponent(encodeURIComponent(gid))}`, 2)) .then((response) => context.commit('removeGroup', gid)) .catch((error) => { throw error }) }).catch((error) => context.commit('API_FAILURE', { gid, error })) diff --git a/apps/settings/src/views/Users.vue b/apps/settings/src/views/Users.vue index 336d7bfe931..d174768fc80 100644 --- a/apps/settings/src/views/Users.vue +++ b/apps/settings/src/views/Users.vue @@ -79,7 +79,7 @@ :key="group.id" :exact="true" :title="group.title" - :to="{ name: 'group', params: { selectedGroup: group.id } }"> + :to="{ name: 'group', params: { selectedGroup: encodeURIComponent(group.id) } }"> {{ group.count }} @@ -149,7 +149,7 @@ @@ -215,6 +215,9 @@ export default { } }, computed: { + selectedGroupDecoded() { + return this.selectedGroup ? decodeURIComponent(this.selectedGroup) : null + }, users() { return this.$store.getters.getUsers }, @@ -452,7 +455,7 @@ export default { this.$router.push({ name: 'group', params: { - selectedGroup: gid.trim(), + selectedGroup: encodeURIComponent(gid.trim()), }, }) } catch { -- cgit v1.2.3