mirror of
https://github.com/nextcloud/server.git
synced 2026-03-01 13:00:44 -05:00
fix(ContactsStore): Sanitize user ID given to guest avatar route
It is not allowed to use slashes within path parameters, so they would need to be encoded. But URL encoded slashes are not suported by Apache, so instead replace slash with space. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
This commit is contained in:
parent
05a03dd663
commit
2c8aee8f99
1 changed files with 2 additions and 2 deletions
|
|
@ -353,9 +353,9 @@ class ContactsStore implements IContactsStore {
|
|||
$avatar = $this->urlGenerator->linkToRouteAbsolute('core.avatar.getAvatar', ['userId' => $uid, 'size' => 64]);
|
||||
$entry->setProperty('isUser', true);
|
||||
} elseif (!empty($contact['FN'])) {
|
||||
$avatar = $this->urlGenerator->linkToRouteAbsolute('core.GuestAvatar.getAvatar', ['guestName' => $contact['FN'], 'size' => 64]);
|
||||
$avatar = $this->urlGenerator->linkToRouteAbsolute('core.GuestAvatar.getAvatar', ['guestName' => str_replace('/', ' ', $contact['FN']), 'size' => 64]);
|
||||
} else {
|
||||
$avatar = $this->urlGenerator->linkToRouteAbsolute('core.GuestAvatar.getAvatar', ['guestName' => $uid, 'size' => 64]);
|
||||
$avatar = $this->urlGenerator->linkToRouteAbsolute('core.GuestAvatar.getAvatar', ['guestName' => str_replace('/', ' ', $uid), 'size' => 64]);
|
||||
}
|
||||
$entry->setAvatar($avatar);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue