Merge pull request #506 from nextcloud/backport/505/stable-3.3

[stable-3.3] make testEncodedObjectGUID more robust against false positives
author: blizzz <blizzz@arthur-schiwon.de> 2021-01-26 00:43:04 +0300
committer: GitHub <noreply@github.com> 2021-01-26 00:43:04 +0300
commit: 7c9ec94e10c8dde49c7f1f8f555a3b72a46a8136 (patch)
tree: 12f49a85af9384444d7f0288fe5452ae1c7cb0f7
parent: 21ccef8755cae88039d5dc77dc5b6d2a9e5b1733 (diff)
parent: 0db3ed3ace3ae8e83f4251a579785f4a6dbaba30 (diff)
2 files changed, 7 insertions, 0 deletions
diff --git a/lib/UserBackend.php b/lib/UserBackend.php
index b65bccf9..dcec830a 100644
--- a/lib/UserBackend.php
+++ b/lib/UserBackend.php
@@ -702,6 +702,11 @@ class UserBackend implements IApacheBackend, UserInterface, IUserBackend {
 	 *
 	 */
 	public function testEncodedObjectGUID(string $uid): string {
+		if (preg_match('/[^a-zA-Z0-9=+\/]/', $uid) !== 0) {
+			// certainly not encoded
+			return $uid;
+		}
+
 		$candidate = base64_decode($uid, false);
 		if($candidate === false) {
 			return $uid;
diff --git a/tests/unit/UserBackendTest.php b/tests/unit/UserBackendTest.php
index f6326edc..efb1b903 100644
--- a/tests/unit/UserBackendTest.php
+++ b/tests/unit/UserBackendTest.php
@@ -289,6 +289,8 @@ class UserBackendTest extends TestCase   {
 			['EDE70D16-B9D5-4E9A-ABD7-614D17246E3F', 'EDE70D16-B9D5-4E9A-ABD7-614D17246E3F'],
 			['Tm8gY29udmVyc2lvbgo=', 'Tm8gY29udmVyc2lvbgo='],
 			['ASfjU2OYEd69ZgAVF4pePA==', '53E32701-9863-DE11-BD66-0015178A5E3C'],
+			['aaabbbcc@aa.bbbccdd.eee.ff', 'aaabbbcc@aa.bbbccdd.eee.ff'],
+			['aaabbbcccaa.bbbccdddeee', 'aaabbbcccaa.bbbccdddeee']
 		];
 	}
author	blizzz <blizzz@arthur-schiwon.de>	2021-01-26 00:43:04 +0300
committer	GitHub <noreply@github.com>	2021-01-26 00:43:04 +0300
commit	7c9ec94e10c8dde49c7f1f8f555a3b72a46a8136 (patch)
tree	12f49a85af9384444d7f0288fe5452ae1c7cb0f7
parent	21ccef8755cae88039d5dc77dc5b6d2a9e5b1733 (diff)
parent	0db3ed3ace3ae8e83f4251a579785f4a6dbaba30 (diff)