From e7249de14568085d86c859326a55d4648209fd89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julius=20H=C3=A4rtl?= Date: Thu, 19 Mar 2020 15:40:04 +0100 Subject: [PATCH] Make the groupId url encoded MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Julius Härtl --- apps/provisioning_api/lib/Controller/GroupsController.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/apps/provisioning_api/lib/Controller/GroupsController.php b/apps/provisioning_api/lib/Controller/GroupsController.php index 7f2da88a09..fa72e5ad5d 100644 --- a/apps/provisioning_api/lib/Controller/GroupsController.php +++ b/apps/provisioning_api/lib/Controller/GroupsController.php @@ -151,6 +151,8 @@ class GroupsController extends AUserData { * @throws OCSException */ public function getGroupUsers(string $groupId): DataResponse { + $groupId = urldecode($groupId); + $user = $this->userSession->getUser(); $isSubadminOfGroup = false; @@ -190,6 +192,7 @@ class GroupsController extends AUserData { * @throws OCSException */ public function getGroupUsersDetails(string $groupId, string $search = '', int $limit = null, int $offset = 0): DataResponse { + $groupId = urldecode($groupId); $currentUser = $this->userSession->getUser(); // Check the group exists @@ -262,6 +265,8 @@ class GroupsController extends AUserData { * @throws OCSException */ public function updateGroup(string $groupId, string $key, string $value): DataResponse { + $groupId = urldecode($groupId); + if ($key === 'displayname') { $group = $this->groupManager->get($groupId); if ($group->setDisplayName($value)) { @@ -282,6 +287,8 @@ class GroupsController extends AUserData { * @throws OCSException */ public function deleteGroup(string $groupId): DataResponse { + $groupId = urldecode($groupId); + // Check it exists if (!$this->groupManager->groupExists($groupId)) { throw new OCSException('', 101);