Skip to content

Match slashes in ../{id} resource routes #4138

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
MorrisJobke merged 1 commit into from
Apr 4, 2017
Merged

Match slashes in ../{id} resource routes #4138

MorrisJobke merged 1 commit into from
Apr 4, 2017

Conversation

@rullzer
Copy link
Member

@rullzer rullzer commented Mar 29, 2017

Fixes #2954

Before we could match on /{id} however if the id contains a /
this would not match properly. But since we define the resource routes
internally we now make sure that we match all chars (up until the ?).

to test:

  1. create a group foo/bar
  2. Delete the group

Before: nope
Now: yes, master

CC: @hirschrobert

@rullzer rullzer added this to the Nextcloud 12.0 milestone Mar 29, 2017
@mention-bot
Copy link

mention-bot commented Mar 29, 2017

@rullzer, thanks for your PR! By analyzing the history of the files in this pull request, we identified @BernhardPosselt, @Xenopathic and @icewind1991 to be potential reviewers.

nickvergessen
nickvergessen requested changes Mar 29, 2017
View reviewed changes
Copy link
Member

@nickvergessen nickvergessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should specify that on the routes which are affected:
https://github.com/nextcloud/notifications/blob/master/appinfo/routes.php#L24

Not in general. And with your current approach I think you even kill existing restrictions?

@nickvergessen
Copy link
Member

nickvergessen commented Mar 29, 2017

This will also cause problems with:
/groups/{groupId} vs. /groups/{groupId}/subadmins ?! (provisioning api) also the name does not match there, so they still wouldnt allow slashes...

@rullzer
Copy link
Member Author

rullzer commented Mar 29, 2017

we don't do it in general. Only for resources like https://github.com/nextcloud/server/blob/master/settings/routes.php#L40

I see no use case where you'd generate a resource url like <prefix>/foo/bar and only want to match on foo and ignore bar (because bar will be ignored as the resources specifies itself as <prefix>/{id})

@rullzer
Copy link
Member Author

rullzer commented Mar 29, 2017

@nickvergessen so this way now or are you going to rewrite it to use the provisioning api?

nickvergessen
nickvergessen approved these changes Mar 30, 2017
View reviewed changes
Copy link
Member

@nickvergessen nickvergessen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah let's try it

@rullzer rullzer requested a review from BernhardPosselt April 3, 2017 06:53
@rullzer
Match slashes in ../{id} resource routes
31f9be7 
Fixes #2954

Before we could match on <prefix>/{id} however if the id contains a /
this would not match properly. But since we define the resource routes
internally we now make sure that we match all chars (up until the ?).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
@rullzer rullzer force-pushed the resources_match_fullid branch from 44ed097 to 31f9be7 Compare April 4, 2017 06:37
MorrisJobke
MorrisJobke approved these changes Apr 4, 2017
View reviewed changes
Copy link
Member

@MorrisJobke MorrisJobke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and works 👍

@MorrisJobke MorrisJobke merged commit fa41078 into master Apr 4, 2017
@MorrisJobke MorrisJobke deleted the resources_match_fullid branch April 4, 2017 20:54
@ChristophWurst ChristophWurst mentioned this pull request Apr 18, 2017
Closed
@MorrisJobke
Copy link
Member

MorrisJobke commented Apr 18, 2017

Reverted in #4381

This was referenced Mar 19, 2020
Merged
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@MorrisJobke MorrisJobke MorrisJobke approved these changes

@LukasReschke LukasReschke Awaiting requested review from LukasReschke

@BernhardPosselt BernhardPosselt Awaiting requested review from BernhardPosselt

Assignees

No one assigned

Labels

3. to review Waiting for reviews bug feature: settings

Projects

None yet

Milestone

Nextcloud 12.0

Development

Successfully merging this pull request may close these issues.

cannot delete group with a slash in its name

5 participants

@rullzer @mention-bot @nickvergessen @MorrisJobke