Merge pull request #22770 from nextcloud/bugfix/noid/urldecode_princi…

…pal_uri
nextcloud · Sep 14, 2020 · 8e22c90 · 8e22c90
2 parents 3ffd09d + b5204a7
commit 8e22c90
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php
@@ -168,7 +168,11 @@ public function getPrincipalByPath($path) {
 		}
 
 		if ($prefix === $this->principalPrefix) {
-			$user = $this->userManager->get($name);
+			// Depending on where it is called, it may happen that this function
+			// is called either with a urlencoded version of the name or with a non-urlencoded one.
+			// The urldecode function replaces %## and +, both of which are forbidden in usernames.
+			// Hence there can be no ambiguity here and it is safe to call urldecode on all usernames
+			$user = $this->userManager->get(urldecode($name));
 
 			if ($user !== null) {
 				return $this->userToPrincipal($user);