upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-11 09:42:09 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 57

fix(ContactsStore): Sanitize user ID given to guest avatar route

Browse source 
It is not allowed to use slashes within path parameters, so they would need to be encoded.
But URL encoded slashes are not suported by Apache, so instead replace slash with space.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
This commit is contained in:
Ferdinand Thiessen 2024-02-03 11:32:51 +01:00 committed by backportbot[bot]
parent 5dc2200ca0
commit d15d7bcba0
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/private/Contacts/ContactsMenu/ContactsStore.php
View file

@ -343,9 +343,9 @@ class ContactsStore implements IContactsStore {
$avatar = $this->urlGenerator->linkToRouteAbsolute('core.avatar.getAvatar', ['userId' => $uid, 'size' => 64]);
$entry->setProperty('isUser', true);
} elseif (!empty($contact['FN'])) {
$avatar = $this->urlGenerator->linkToRouteAbsolute('core.GuestAvatar.getAvatar', ['guestName' => $contact['FN'], 'size' => 64]);
$avatar = $this->urlGenerator->linkToRouteAbsolute('core.GuestAvatar.getAvatar', ['guestName' => str_replace('/', ' ', $contact['FN']), 'size' => 64]);
} else {
$avatar = $this->urlGenerator->linkToRouteAbsolute('core.GuestAvatar.getAvatar', ['guestName' => $uid, 'size' => 64]);
$avatar = $this->urlGenerator->linkToRouteAbsolute('core.GuestAvatar.getAvatar', ['guestName' => str_replace('/', ' ', $uid), 'size' => 64]);
}
$entry->setAvatar($avatar);
}