Mitigate encoding issue with user principal uri
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
This commit is contained in:
parent
9e88559e94
commit
ac87e46dff
|
@ -168,7 +168,11 @@ class Principal implements BackendInterface {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($prefix === $this->principalPrefix) {
|
if ($prefix === $this->principalPrefix) {
|
||||||
$user = $this->userManager->get($name);
|
// Depending on where it is called, it may happen that this function
|
||||||
|
// is called either with a urlencoded version of the name or with a non-urlencoded one.
|
||||||
|
// The urldecode function replaces %## and +, both of which are forbidden in usernames.
|
||||||
|
// Hence there can be no ambiguity here and it is safe to call urldecode on all usernames
|
||||||
|
$user = $this->userManager->get(urldecode($name));
|
||||||
|
|
||||||
if ($user !== null) {
|
if ($user !== null) {
|
||||||
return $this->userToPrincipal($user);
|
return $this->userToPrincipal($user);
|
||||||
|
|
Loading…
Reference in New Issue