Skip to content

fix(dav): Allow underscores on custom links #51715

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 7, 2025
Merged

fix(dav): Allow underscores on custom links #51715

merged 1 commit into from
Apr 7, 2025

Conversation

@solracsf
Copy link
Member

@solracsf solracsf commented Mar 26, 2025
edited
Loading

Checklist

@solracsf
fix(shares): Allow underscores on custom links
5dcec08 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
@solracsf solracsf added bug 3. to review Waiting for reviews hotspot: filename handling Filenames - invalid, portable, blacklisting, etc. labels Mar 26, 2025
@solracsf solracsf added this to the Nextcloud 32 milestone Mar 26, 2025
@solracsf solracsf requested a review from a team as a code owner March 26, 2025 07:15
@solracsf solracsf requested review from ArtificialOwl, icewind1991 and sorbaugh and removed request for a team March 26, 2025 07:15
@solracsf
Copy link
Member Author

/backport to stable31

@solracsf solracsf changed the title fix(shares): Allow underscores on custom links fix(dav): Allow underscores on custom links Mar 26, 2025
@provokateurin
Copy link
Member

provokateurin commented Mar 26, 2025
edited
Loading

This doesn't make sense, because creating custom links with underscores is not allowed in the first place:

server/apps/files_sharing/lib/Controller/ShareAPIController.php

Line 1381 in 78b31ca

if (!preg_match('/^[a-z0-9-]+$/i', $token)) {

@solracsf
Copy link
Member Author

Hum. Then 2 ways here, either allow it (I don't see a valid reason why not, but correct me), or validate input and clearly states that _ is not allowed.

skjnldsv
skjnldsv previously approved these changes Mar 26, 2025
View reviewed changes
@skjnldsv skjnldsv dismissed their stale review March 26, 2025 08:50

See Kate's comment

@provokateurin
Copy link
Member

Well I'm wondering how we even received such a bug report, given that it's not allowed to create custom links with underscores. To me it only makes sense if we either miss the validation in some cases (maybe when updating the share?) or the report manually edited the database (and thus created an invalid report).

I'm fine with allowing underscores though, I don't see why we should allow them.

@susnux
Copy link
Contributor

susnux commented Mar 26, 2025

I agree with Kate and think we should do both

  1. Properly validate the input -> Bugfix and backport.
  2. Allow underscore (this PR) -> Feature for 32.

@kesselb
Copy link
Collaborator

kesselb commented Apr 1, 2025
edited
Loading

Properly validate the input -> Bugfix and backport.

Those links were created with the 3rdparty app before 31 (#51714 (comment)).

@solracsf
Copy link
Member Author

solracsf commented Apr 1, 2025

@kesselb comment also says:

Share links with underscore can still be created in my v. 31.0.2 without complaint from Nextcloud.

@kesselb
Copy link
Collaborator

kesselb commented Apr 2, 2025

I believe the user meant that they can still create share links with underscores using the cfg_share_links app. This app is available for Nextcloud 31 and is enabled according to the system report. The custom share link feature is disabled by default, so the user might not have realized they were using the app instead of the built-in approach.

I wanted to clarify that the input validation for our custom share link feature is not broken and doesn't need fixing. If we want to allow underscores, continuing with this PR should be fine.

@provokateurin
Copy link
Member

I agree with @kesselb, but since there is nothing against allowing underscores we should just merge this PR.

@provokateurin provokateurin enabled auto-merge April 7, 2025 07:29
szaimen
szaimen approved these changes Apr 7, 2025
View reviewed changes
Copy link
Contributor

@szaimen szaimen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but did not test

@provokateurin provokateurin merged commit a42563f into master Apr 7, 2025
193 of 198 checks passed
@provokateurin provokateurin deleted the allowUnderCustLink branch April 7, 2025 07:48
@backportbot backportbot bot mentioned this pull request Apr 7, 2025
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Aug 19, 2025
Merged
@skjnldsv skjnldsv modified the milestones: Nextcloud 32, Nextcloud 33 Sep 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@provokateurin provokateurin provokateurin approved these changes

@szaimen szaimen szaimen approved these changes

@skjnldsv skjnldsv skjnldsv left review comments

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@icewind1991 icewind1991 Awaiting requested review from icewind1991 icewind1991 is a code owner automatically assigned from nextcloud/server-backend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh is a code owner automatically assigned from nextcloud/server-backend

Assignees

No one assigned

Labels

3. to review Waiting for reviews bug hotspot: filename handling Filenames - invalid, portable, blacklisting, etc.

Projects

None yet

Milestone

Nextcloud 32

Development

Successfully merging this pull request may close these issues.

[Bug]: Custom Public Link containing underscores "_" stopped working on upgrade to 31.0.2

7 participants

@solracsf @provokateurin @susnux @kesselb @skjnldsv @szaimen