Cannot use / in url params #31223

Closed
butonic opened this issue Apr 20, 2018 · 5 comments · Fixed by #31224

@butonic
Member

butonic commented Apr 20, 2018

Steps to reproduce

  1. Register a route with a param, e.g. /resource/{id}
  2. Try to use an id with a /. It should be URL-encoded, so the URL in a request will look like /resource/id%2Fwith%2Fslashes

Expected behaviour

The controller should get id/with/slashes as a parameter.

Actual behaviour

The controller is never called because the URL never matches.

  1. Make sure Apache does not auto-decode slashes by adding AllowEncodedSlashes On to the virtualhosts section. Otherwise you get an immediate 404 without PHP ever seeing the request.
  2. Even with AllowEncodedSlashes On, the URL gets decoded in Symfony's URLMatcher. In the worst case this might cause calling the wrong route.

Related

owncloud-archive/user_management#20 (comment)

@butonic
Member Author

butonic commented Apr 20, 2018

It turns out Symfony has a way to configure the regex used to match a parameter: https://symfony.com/doc/current/routing/slash_in_parameter.html

@butonic
Member Author

butonic commented Apr 20, 2018

That means our resource URLs are generated without this.

@butonic butonic self-assigned this Apr 20, 2018
@butonic butonic changed the title Cannot use / in url params Cannot use / in url params Apr 20, 2018
@ownclouders
Contributor

GitMate.io thinks possibly related issues are #883 (Can't use 'n' character in url for 'New > From Link'), #30097 (Logout URL doesn't work if using reverse proxy), #20414 (Can't use HTTPS: "URL /index.php/apps/files/ not found"), #23880 (How to use Pretty URL ?), and #16694 (No CardDav URL provided).

@phil-davis
Contributor

phil-davis commented Apr 20, 2018

Are there any cases where {id} is followed by more parameters or URL parts?
e.g. there is a `groupa`

/ocs/v1.php/settings/groups/groupa
/ocs/v1.php/settings/groups/groupa/displayName

and if you create a group called groupa/displayName then there could be trouble.
It depends how long the %2F stays around. The client is going to access:

/ocs/v1.php/settings/groups/groupa%2FdisplayName
/ocs/v1.php/settings/users/groupa%2FdisplayName/displayName

to try and find out about that nasty-named user.
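
The route confusion discussed in this thread, as an added example that is not part of the original comments or of ownCloud's code: a plain preg_match stand-in for a router (not Symfony's matcher) showing that decoding %2F before matching sends the request to the displayName route, while matching the raw path and decoding each captured parameter afterwards keeps the slash inside the id. The route names and the helpers compileRoute() and matchRoute() are hypothetical; the two URL templates mirror the OCS paths quoted above.

```php
<?php
// Hypothetical route table mirroring the two OCS URLs from the thread.
const ROUTES = [
    'group.show'        => '/ocs/v1.php/settings/groups/{id}',
    'group.displayName' => '/ocs/v1.php/settings/groups/{id}/displayName',
];

// Turn a template into a regex in which {name} matches exactly one path segment.
function compileRoute(string $template): string
{
    $quoted = preg_quote($template, '#');   // literal parts escaped; {id} becomes \{id\}
    $regex  = preg_replace('#\\\\\{(\w+)\\\\\}#', '(?P<$1>[^/]+)', $quoted);
    return '#^' . $regex . '$#';
}

// Match a request path; percent-decoding happens either before or after matching.
function matchRoute(string $path, bool $decodeBeforeMatch): ?array
{
    if ($decodeBeforeMatch) {
        $path = rawurldecode($path);        // %2F turns into a real path separator
    }
    foreach (ROUTES as $name => $template) {
        if (preg_match(compileRoute($template), $path, $m)) {
            // Keep only the named captures (drop the numeric duplicates).
            $params = array_filter($m, 'is_string', ARRAY_FILTER_USE_KEY);
            if (!$decodeBeforeMatch) {
                // Safe to decode now: segment boundaries are already fixed.
                $params = array_map('rawurldecode', $params);
            }
            return ['route' => $name, 'params' => $params];
        }
    }
    return null;
}

// Constructed sample request for a group literally named "groupa/displayName".
$request = '/ocs/v1.php/settings/groups/groupa%2FdisplayName';

foreach (['decode first' => true, 'match first' => false] as $label => $early) {
    $hit = matchRoute($request, $early);
    printf("%-12s route=%s id=%s\n", $label, $hit['route'], $hit['params']['id']);
}
```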

@butonic
Member Author

butonic commented May 30, 2018

@paurakhsharma please try with #31224

@PVince81 PVince81 modified the milestones: development, QA Jan 11, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Jan 11, 2020