From 5252836f44c79d4aad86f4de46be028e68f728cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?= <jus@bitgrid.net>
Date: Thu, 19 Mar 2020 16:02:26 +0100
Subject: [PATCH] Make sure the group id parameter gets properly encoded when
 used in URLs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 apps/settings/src/components/UserList.vue | 3 +++
 apps/settings/src/store/users.js          | 6 +++---
 apps/settings/src/views/Users.vue         | 9 ++++++---
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/apps/settings/src/components/UserList.vue b/apps/settings/src/components/UserList.vue
index 134935fdc9c..4498b6eba32 100644
--- a/apps/settings/src/components/UserList.vue
+++ b/apps/settings/src/components/UserList.vue
@@ -312,6 +312,9 @@ export default {
 		settings() {
 			return this.$store.getters.getServerData
 		},
+		selectedGroupDecoded() {
+			return decodeURIComponent(this.selectedGroup)
+		},
 		filteredUsers() {
 			if (this.selectedGroup === 'disabled') {
 				return this.users.filter(user => user.enabled === false)
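Review bot: The new `selectedGroupDecoded()` in UserList.vue decodes a prop that Users.vue now already passes in decoded form (`:selected-group="selectedGroupDecoded"`), so the value would be decoded twice. A group id that legitimately contains a percent sequence would resolve to a different group, and an id with a stray `%` makes `decodeURIComponent` throw a `URIError` inside a computed property. Unlike the Users.vue version there is also no empty-value guard, so `decodeURIComponent(null)` returns the string `'null'`. The hunk does not show where this computed is read; if nothing needs it, drop it, otherwise have it `return this.selectedGroup` unchanged. The `computed` block starts and ends outside the hunk.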
diff --git a/apps/settings/src/store/users.js b/apps/settings/src/store/users.js
index 52131fbfd63..83bc32d7b6a 100644
--- a/apps/settings/src/store/users.js
+++ b/apps/settings/src/store/users.js
@@ -205,7 +205,7 @@ const actions = {
 		search = typeof search === 'string' ? search : ''
 		group = typeof group === 'string' ? group : ''
 		if (group !== '') {
-			return api.get(OC.linkToOCS(`cloud/groups/${encodeURIComponent(group)}/users/details?offset=${offset}&limit=${limit}&search=${search}`, 2))
+			return api.get(OC.linkToOCS(`cloud/groups/${encodeURIComponent(encodeURIComponent(group))}/users/details?offset=${offset}&limit=${limit}&search=${search}`, 2))
 				.then((response) => {
 					if (Object.keys(response.data.ocs.data.users).length > 0) {
 						context.commit('appendUsers', response.data.ocs.data.users)
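Review bot: `search` is still interpolated into the query string unencoded on the changed `cloud/groups/.../users/details` line, so a search term containing `&`, `#` or `+` alters the request's parameters instead of being sent as the term. The commit encodes the group id but leaves this value as typed; the tail of the template should read `&search=${encodeURIComponent(search)}`. The enclosing action starts and ends outside the hunk, so whether the branch without a group builds its URL the same way cannot be seen here and should be checked as well.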
@@ -275,7 +275,7 @@ const actions = {
 	 * @returns {Promise}
 	 */
 	getUsersFromGroup(context, { groupid, offset, limit }) {
-		return api.get(OC.linkToOCS(`cloud/users/${encodeURIComponent(groupid)}/details?offset=${offset}&limit=${limit}`, 2))
+		return api.get(OC.linkToOCS(`cloud/users/${encodeURIComponent(encodeURIComponent(groupid))}/details?offset=${offset}&limit=${limit}`, 2))
 			.then((response) => context.commit('getUsersFromList', response.data.ocs.data.users))
 			.catch((error) => context.commit('API_FAILURE', error))
 	},
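Review bot: The nested `encodeURIComponent(encodeURIComponent(groupid))` reads like a copy-paste mistake, and nothing on the line says why two layers are needed; the same pattern appears in the `cloud/groups/.../users/details` request and in `removeGroup`. A comment would keep a later cleanup from collapsing it, for example `// encoded twice on purpose: one layer is presumably decoded before the OCS route is matched (confirm and name the component)`. With three call sites repeating it, a small shared helper that carries that comment would be a tidier home than three inline copies.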
@@ -320,7 +320,7 @@ const actions = {
 	 */
 	removeGroup(context, gid) {
 		return api.requireAdmin().then((response) => {
-			return api.delete(OC.linkToOCS(`cloud/groups/${encodeURIComponent(gid)}`, 2))
+			return api.delete(OC.linkToOCS(`cloud/groups/${encodeURIComponent(encodeURIComponent(gid))}`, 2))
 				.then((response) => context.commit('removeGroup', gid))
 				.catch((error) => { throw error })
 		}).catch((error) => context.commit('API_FAILURE', { gid, error }))
diff --git a/apps/settings/src/views/Users.vue b/apps/settings/src/views/Users.vue
index 336d7bfe931..d174768fc80 100644
--- a/apps/settings/src/views/Users.vue
+++ b/apps/settings/src/views/Users.vue
@@ -79,7 +79,7 @@
 					:key="group.id"
 					:exact="true"
 					:title="group.title"
-					:to="{ name: 'group', params: { selectedGroup: group.id } }">
+					:to="{ name: 'group', params: { selectedGroup: encodeURIComponent(group.id) } }">
 					<AppNavigationCounter v-if="group.count" slot="counter">
 						{{ group.count }}
 					</AppNavigationCounter>
@@ -149,7 +149,7 @@
 			<UserList #content
 				:users="users"
 				:show-config="showConfig"
-				:selected-group="selectedGroup"
+				:selected-group="selectedGroupDecoded"
 				:external-actions="externalActions" />
 		</AppContent>
 	</Content>
@@ -215,6 +215,9 @@ export default {
 		}
 	},
 	computed: {
+		selectedGroupDecoded() {
+			return this.selectedGroup ? decodeURIComponent(this.selectedGroup) : null
+		},
 		users() {
 			return this.$store.getters.getUsers
 		},
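Review bot: `decodeURIComponent(this.selectedGroup)` in the new Users.vue computed throws a `URIError` on a malformed percent sequence. `selectedGroup` presumably comes from the route parameter set by the `:to` and `$router.push` hunks, so a hand-edited or truncated link can reach it. An exception in a computed property breaks rendering of the view rather than just selecting no group. Catching the error and falling back to the raw value (or to `null`, if an unknown group should show the full list) keeps the page usable; the fence shows the raw-value variant. The `computed` block continues outside the hunk.

```javascript
selectedGroupDecoded() {
	if (!this.selectedGroup) {
		return null
	}
	try {
		return decodeURIComponent(this.selectedGroup)
	} catch (e) {
		// malformed percent sequence in the route parameter: keep the raw value
		return this.selectedGroup
	}
},
// … unchanged: users() and the remaining computed properties …
```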
@@ -452,7 +455,7 @@ export default {
 				this.$router.push({
 					name: 'group',
 					params: {
-						selectedGroup: gid.trim(),
+						selectedGroup: encodeURIComponent(gid.trim()),
 					},
 				})
 			} catch {
-- 
GitLab