setupFavLink_private() on Linux does not escape % sign in path, creating malformed GTK bookmark, causing crash for GTK applications in glib

[paradox-ptr]

Expected behaviour

Nextcloud desktop client creates GTK bookmark after first connection to new server. ~/.config/gtk-3.0/bookmarks
% sign in bookmark path should be escaped as %25.
Reading malformed bookmark causes other GTK applications to crash in glib, when gtk+ is trying to validate the GFile path.

Actual behaviour

% sign in path is not escaped.

Steps to reproduce

1. Start nextcloud client
2. Connect to Nextcloud URL
3. Approve connection in browser
4. Choose path with % in it. I.e.: /drv/secondary/%NEXTCLOUD
5. Malformed bookmark in $HOME/.config/gtk-3.0/bookmarks config is created.

Client configuration

Client version: github/master 4e8a5d7

Operating system: Gentoo Linux amd64

OS language: en_US

Qt version used by client package (Linux only, see also Settings dialog): 5.15.2-r14

Client package (From Nextcloud or distro) (Linux only): Nextcloud github/master

Installation path of client: ~/nextcloud-desktop-client/

Logs

20220120_0146_owncloud.log

Other

The crash itself is GTK+ issue, and is fixed here: https://gitlab.gnome.org/GNOME/gtk/-/issues/4643 with more details there.
However, there is an issue of character not being escaped.
According to GTK+ developer, it should be:

GFile operates in terms of URIs, not paths, and an unescaped % is not a valid character in the path component of a URI. To be valid, it should be %25.

It would be interesting to know where the % is getting into the URI here. Likely some component is building a path into a URI and not escaping it correctly at the time; but it’s not clear which component.

Thread 1 "nextcloud" hit Breakpoint 1, OCC::Utility::setupFavLink (folder=...) at /home/testuser/nextcloud/desktop/src/common/utility.cpp:109      
109         setupFavLink_private(folder);
(gdb) s                                             
OCC::setupFavLink_private (folder=...) at /home/testuser/nextcloud/desktop/src/common/utility_unix.cpp:26
26      {                                           
(gdb) s                                             
28          QFile gtkBookmarks(QDir::homePath() + QLatin1String("/.config/gtk-3.0/bookmarks"));
(gdb) n                                             
29          QByteArray folderUrl = "file://" + folder.toUtf8();
(gdb) print folder                                  
$1 = (const QString &) @0x7fffffffcdc0: {d = 0x555558e49430}
(gdb) print folder.toStdString().c_str()  
[Thread 0x7fffeb7fe640 (LWP 24443) exited]
[Thread 0x7ffff0d82640 (LWP 24441) exited]
[Thread 0x7fffebfff640 (LWP 24442) exited]
[Thread 0x7fffeaffd640 (LWP 24444) exited]
$2 = 0x555558e27060 "/drv/secondary/%NEXTCLOUD"

desktop/src/common/utility_unix.cpp:

 25 static void setupFavLink_private(const QString &folder)
 26 {
 27     // Nautilus: add to ~/.gtk-bookmarks
 28     QFile gtkBookmarks(QDir::homePath() + QLatin1String("/.config/gtk-3.0/bookmarks"));
 29     QByteArray folderUrl = "file://" + folder.toUtf8();

[github-actions]

This bug report did not receive an update in the last 4 weeks. Please take a look again and update the issue with new details, otherwise the issue will be automatically closed in 2 weeks. Thank you!

[github-actions]

This bug report is getting automatically closed due to no answer since the issue has been staled. Thank you!