author | blizzz <blizzz@arthur-schiwon.de> | 2021-01-26 00:43:04 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-26 00:43:04 +0300 |
commit | 7c9ec94e10c8dde49c7f1f8f555a3b72a46a8136 (patch) | |
tree | 12f49a85af9384444d7f0288fe5452ae1c7cb0f7 | |
parent | 21ccef8755cae88039d5dc77dc5b6d2a9e5b1733 (diff) | |
parent | 0db3ed3ace3ae8e83f4251a579785f4a6dbaba30 (diff) |
Merge pull request #506 from nextcloud/backport/505/stable-3.3
[stable-3.3] make testEncodedObjectGUID more robust against false positives
-rw-r--r-- | lib/UserBackend.php | 5 | ||||
-rw-r--r-- | tests/unit/UserBackendTest.php | 2 |
2 files changed, 7 insertions, 0 deletions
diff --git a/lib/UserBackend.php b/lib/UserBackend.php
index b65bccf9..dcec830a 100644
--- a/lib/UserBackend.php
+++ b/lib/UserBackend.php
@@ -702,6 +702,11 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
 *
 */
 public function testEncodedObjectGUID(string $uid): string {
+ if (preg_match('/[^a-zA-Z0-9=+\/]/', $uid) !== 0) {
+ // certainly not encoded
+ return $uid;
+ }
+
 $candidate = base64_decode($uid, false);
 if($candidate === false) {
 return $uid;
diff --git a/tests/unit/UserBackendTest.php b/tests/unit/UserBackendTest.php
index f6326edc..efb1b903 100644
--- a/tests/unit/UserBackendTest.php
+++ b/tests/unit/UserBackendTest.php
@@ -289,6 +289,8 @@ class UserBackendTest extends TestCase {
 ['EDE70D16-B9D5-4E9A-ABD7-614D17246E3F', 'EDE70D16-B9D5-4E9A-ABD7-614D17246E3F'],
 ['Tm8gY29udmVyc2lvbgo=', 'Tm8gY29udmVyc2lvbgo='],
 ['ASfjU2OYEd69ZgAVF4pePA==', '53E32701-9863-DE11-BD66-0015178A5E3C'],
+ ['aaabbbcc@aa.bbbccdd.eee.ff', 'aaabbbcc@aa.bbbccdd.eee.ff'],
+ ['aaabbbcccaa.bbbccdddeee', 'aaabbbcccaa.bbbccdddeee']
 ];
 }
|
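Review bot: The guard added at the top of `testEncodedObjectGUID` only rejects characters outside the base64 alphabet, so `=` is still accepted in any position and every uid made up solely of letters, digits, `+` and `/` still reaches `base64_decode($uid, false)`. Because a match replaces the uid with a different identifier, a false positive is an identity-mapping problem rather than a cosmetic one, and a positive shape check would be tighter: `if (preg_match('/\A[a-zA-Z0-9+\/]+={0,2}\z/', $uid) !== 1) { return $uid; }`. The inline comment could also give the reason, for example `// non-strict base64_decode() skips foreign characters, so reject them up front`. The function body continues outside the hunk, so whether a later check on the decoded value narrows this further cannot be seen from here.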
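Review bot: The two rows added to the data provider carry no hint of why they used to be false positives, so a short comment above them would keep the regression intent visible, for example `// 22 base64-alphabet characters once '@' and '.' are skipped; must stay unconverted`. Both strings do reduce to 22 alphabet characters, which is presumably what let the lenient decoder produce a GUID-sized value before the fix. The last row also lacks the trailing comma that the neighbouring rows have. The provider method starts outside the hunk.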