From b5204a78ccd5d8a00e0ac3d7c0e6d1ab5ad5bfe8 Mon Sep 17 00:00:00 2001
From: Georg Ehrke <developer@georgehrke.com>
Date: Thu, 10 Sep 2020 12:55:41 +0200
Subject: [PATCH] Mitigate encoding issue with user principal uri

Signed-off-by: Georg Ehrke <developer@georgehrke.com>
---
 apps/dav/lib/Connector/Sabre/Principal.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php
index cfe9a6d7f73..1ddbc1a6083 100644
--- a/apps/dav/lib/Connector/Sabre/Principal.php
+++ b/apps/dav/lib/Connector/Sabre/Principal.php
@@ -168,7 +168,11 @@ class Principal implements BackendInterface {
 		}
 
 		if ($prefix === $this->principalPrefix) {
-			$user = $this->userManager->get($name);
+			// Depending on where it is called, it may happen that this function
+			// is called either with a urlencoded version of the name or with a non-urlencoded one.
+			// The urldecode function replaces %## and +, both of which are forbidden in usernames.
+			// Hence there can be no ambiguity here and it is safe to call urldecode on all usernames
+			$user = $this->userManager->get(urldecode($name));
 
 			if ($user !== null) {
 				return $this->userToPrincipal($user);
-- 
GitLab