On Jan 5, 2013, at 3:11 PM, Ed W <[email protected]> wrote: > >> I'm actually not an owncloud dev; I'm the sabredav maintainer... If any >> issues surface though, I'm happy to apply any fixes to 1.6.x; It should be >> pretty much painless to update to a new version in the 1.6 range. >> > > Could you chew over this hack... > > --- 3rdparty/Sabre/DAV/URLUtil.php.orig 2012-12-10 15:50:05.759930750 +0000 > +++ 3rdparty/Sabre/DAV/URLUtil.php 2012-12-24 15:02:46.407943525 +0000 > @@ -75,6 +75,9 @@ > */ > static function decodePathSegment($path) { > > + # N9 double encodes urls. Gingerly workaround probable such urls > + $path = str_replace('%2540', '%40', $path); > + > $path = rawurldecode($path); > $encoding = mb_detect_encoding($path, array('UTF-8','ISO-8859-1')); > > > > Basically my login tokens are email addresses, the N9 initially uses a > correct escaped version, but then it seems to get back the list of calendars > with hrefs (correctly?) escaped, it then double encodes these urls and > requests each calendar (which obviously fails) > > Double decoding is clearly dangerous, so I have limited it to this one > specific value. It's definitely a hack and seems to affect only a small > number of devices (Nokia N9 only?). > > Any thoughts on a better solution?
Yea I do actually think this is a pretty bad idea. The result is that urls that are expected to have the pattern %2540 will now also become %40. For caldav/carddav this is not a very big deal, because the urls tend to be not that crazy, but this fix will also apply to fileserving, where you really need to make a strong effort to retain the exact input. You don't want serious stuff to corrupt. But since the issue is just in email addresses, I think I would hack the principalbackends instead. When a path is requested that contains an email address, like : /calendars/[email protected]/ Make sure that the system that looks up '[email protected]' can also deal with a urlencoded version of this. Evert _______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
