Server: Nextcloud 12: cannot share calendar with a group with "&" in its name

Created on 15 May 2017  路  15Comments  路  Source: nextcloud/server

Steps to reproduce

  1. upgrade to nextcloud 12 beta 2
  2. create a group "x&y", assign a user
  3. share a calendar with this group
  4. Login with a User of group "x&y"
  5. observe that shared calendar is not in the subscribed calendars

Sharing with "xy" works though.
Sharing with "x&y" worked in 11.0.3, so it is a new issue or regression.

Expected behaviour

either groups Ned with "&" have to be forbidden or sharing to such a group should work.

Actual behaviour

Calendar will not be visible to members of "x&y"

Server configuration

Operating system: Linux server.lern.link 3.13.0-042stab120.5 #1 SMP Tue Oct 25 22:31:12 MSK 2016 x86_64

Web server: Apache (fpm-fcgi)

Database: mysql 5.5.55

PHP version: 7.0.18
Modules loaded: Core, date, libxml, openssl, pcre, zlib, bz2, calendar, ctype, hash, filter, ftp, gettext, gmp, SPL, iconv, Reflection, session, standard, SimpleXML, sockets, mbstring, tokenizer, xml, cgi-fcgi, mysqlnd, bcmath, curl, dba, dom, enchant, fileinfo, gd, imagick, imap, intl, json, ldap, exif, mcrypt, mysqli, odbc, PDO, pdo_mysql, PDO_ODBC, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, pspell, redis, soap, sqlite3, sysvmsg, sysvsem, sysvshm, tidy, xmlreader, xmlrpc, xmlwriter, xsl, zip, ionCube Loader, Zend OPcache

Nextcloud version: 12.0 beta 2 - 12.0.0.18

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from:

Signing status:


Signing status

[]

List of activated apps:


App list

Enabled:
 - activity: 2.5.2
 - admin_notifications: 1.0.0
 - bookmarks: 0.10.0
 - bruteforcesettings: 1.0.2
 - calendar: 1.5.2
 - comments: 1.2.0
 - contacts: 1.5.3
 - dav: 1.3.0
 - federatedfilesharing: 1.2.0
 - federation: 1.2.0
 - files: 1.7.2
 - files_downloadactivity: 1.1.1
 - files_external: 1.3.0
 - files_pdfviewer: 1.1.1
 - files_sharing: 1.4.0
 - files_texteditor: 2.4.1
 - files_trashbin: 1.2.0
 - files_versions: 1.5.0
 - files_videoplayer: 1.1.0
 - firstrunwizard: 2.1
 - gallery: 17.0.0
 - issuetemplate: 0.2.1
 - logreader: 2.0.0
 - lookup_server_connector: 1.0.0
 - mail: 0.6.4
 - news: 11.0.0
 - nextcloud_announcements: 1.1
 - notes: 2.2.0
 - notifications: 2.0.0
 - provisioning_api: 1.2.0
 - serverinfo: 1.2.0
 - sharebymail: 1.2.0
 - socialsharing_email: 1.0.1
 - spreedme: 0.3.8
 - systemtags: 1.2.0
 - tasks: 0.9.5
 - theming: 1.3.0
 - twofactor_backupcodes: 1.1.0
 - updatenotification: 1.2.0
 - workflowengine: 1.2.0

Disabled:
 - admin_audit
 - apporder
 - direct_menu
 - encryption
 - password_policy
 - survey_client
 - user_external
 - user_ldap

The content of config/config.php:


Config report

{
    "instanceid": "518cbe88de454",
    "passwordsalt": "***REMOVED SENSITIVE VALUE***",
    "datadirectory": "***REMOVED SENSITIVE VALUE***",
    "tempdirectory": "***REMOVED SENSITIVE VALUE***",
    "dbtype": "mysql",
    "version": "12.0.0.18",
    "dbname": "***REMOVED SENSITIVE VALUE***",
    "dbhost": "localhost",
    "dbtableprefix": "oc_",
    "dbuser": "***REMOVED SENSITIVE VALUE***",
    "dbpassword": "***REMOVED SENSITIVE VALUE***",
    "installed": true,
    "theme": "",
    "loglevel": 2,
    "log_rotate_size": 10485760,
    "forcessl": true,
    "forceSSLforSubdomains": false,
    "default_language": "de_DE",
    "enable_previews": true,
    "preview_libreoffice_path": "\/usr\/bin\/libreoffice",
    "trusted_domains": [
        "***REMOVED SENSITIVE VALUE***"
    ],
    "mail_smtpmode": "php",
    "mail_smtpsecure": "ssl",
    "mail_from_address": "noreply",
    "mail_domain": "***REMOVED SENSITIVE VALUE***",
    "mail_smtphost": "localhost",
    "secret": "***REMOVED SENSITIVE VALUE***",
    "maintenance": false,
    "enable_avatars": true,
    "appstore.experimental.enabled": true,
    "filelocking.enabled": "true",
    "memcache.locking": "\\OC\\Memcache\\Redis",
    "memcache.local": "\\OC\\Memcache\\Redis",
    "redis": {
        "host": "localhost",
        "port": 6379,
        "timeout": 0
    },
    "trashbin_retention_obligation": "auto",
    "htaccess.RewriteBase": "\/",
    "asset-pipeline.enabled": false,
    "updater.release.channel": "beta",
    "debug": false,
    "overwrite.cli.url": "***REMOVED SENSITIVE VALUE***"
}

Are you using external storage, if yes which one: Array
(
[0] => \OC\Files\Storage\Local
[1] => \OCA\Files_External\Lib\Storage\FTP
[2] => \OC\Files\Storage\DAV
[3] => \OCA\Files_External\Lib\Storage\OwnCloud
[4] => \OCA\Files_External\Lib\Storage\SFTP
[5] => \OCA\Files_External\Lib\Storage\AmazonS3
[6] => \OCA\Files_External\Lib\Storage\Dropbox
[7] => \OCA\Files_External\Lib\Storage\Google
[8] => \OCA\Files_External\Lib\Storage\Swift
[9] => \OCA\Files_External\Lib\Storage\SFTP
[10] => \OCA\Files_External\Lib\Storage\SMB
[11] => \OCA\Files_External\Lib\Storage\SMB
)

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...

Client configuration

Browser: Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_2 like Mac OS X) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.0 Mobile/14F89 Safari/602.1

Operating system:

Logs

Web server error log


Web server error log
Insert your webserver log here

Nextcloud log (data/nextcloud.log)


Nextcloud log
Insert your Nextcloud log here

Browser log


Browser log
```
Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
c) ...
```

3. to review bug dav
Source
picture dirkpape
👍1

All 15 comments

@georgehrke any idea how to fix this?

schiessle picture schiessle on 18 May 2017

https://github.com/nextcloud/server/commit/c75b5a56140605308237d94038947b1b27941521#diff-60741cfe42a3d593d42e433595d64f22R153

@rullzer cough cough

georgehrke picture georgehrke on 19 May 2017

It's x&y in the database, but the principalbackend returns this:

array(3) {
  ["users"]=>
  string(23) "principals/groups/users"
  ["x&y"]=>
  string(23) "principals/groups/x%26y"
  [0]=>
  string(22) "principals/users/user1"
}
georgehrke picture georgehrke on 19 May 2017

So, we have to:

  • [ ] url encode gids before adding them to the dav_shares table
  • [ ] add a migration step to replace existing shares with & to use %26
  • [ ] url decode gid before outputting it to CalDAV
georgehrke picture georgehrke on 19 May 2017

@rullzer @schiessle Did I miss something? ^

georgehrke picture georgehrke on 19 May 2017

or we just use urldecode on any group principal before querying the dav_shares table.

georgehrke picture georgehrke on 19 May 2017

Another alternativ is not using urlencode but simply replacing only / with %2F

georgehrke picture georgehrke on 19 May 2017

Ah right I think I broke this then by adding the urlencode. Since else you could not share with groups with a /. I vote to use urldecode. Else somebody will come along and that you can't share with a group with an % etc.

rullzer picture rullzer on 19 May 2017

Okay, will take care :)

georgehrke picture georgehrke on 19 May 2017
🎉1

Also affects groups with a space in the name.

georgehrke picture georgehrke on 28 May 2017
👍1

Using Nextlcoud 12.0.1, the file sharing system works with spaces in the share name, but sharing calendars (v1.5.3) and contacts (v1.5.3) doesn't work with spaces.

I had that problem after an upgrade.
I removed and recreated the shares without a space and it worked.

This issue https://github.com/nextcloud/calendar/issues/544 states " the CalDAV server became part of Nextcloud's server and the calendar app is just a CalDAV client running in your browser.", but I feel that's incorrect as the problem was fixed for the files but not for the calendar / contact app. (but that's why I'm here to report this)

quenenni picture quenenni on 22 Sep 2017

I have the feeling no-one will ever read my comment as this ticket is closed.
Damned.. This is a horrible bug!!!!
I upgraded 30 owncloud instances to nextcloud and now I'm in a very deep shit.
How is it that no-one thought about testing that sharing problem with calendars and addressbooks..

quenenni picture quenenni on 25 Sep 2017

ff67e386-46a1-4c5d-9278-36e67cb3327d

Please see the linked pull requests here. They were solely about sharing with CalDAV and CardDAV.

Please do the following:

  • Update to Nextcloud 12.0.3
  • try to reproduce the issue with 12.0.3
  • report back / open a new issue in the server repo
georgehrke picture georgehrke on 25 Sep 2017

Furthermore, what is "share name"?

  • The name of the person / group you share with?
  • The name of the shared calendar?
georgehrke picture georgehrke on 25 Sep 2017

@georgehrke
Thanks for your help.

I had to git clone v12.0.3 as the debian package available in the repo is v12.0.1.

You're correct, the bug is no more in v12.0.3.
Sorry for the noise.
I was convinced to have the last 12.0.x version installed, but I was wrong.

And I was unlucky that the 2 nextcloud instances I intensively tested to see if the upgrade was good didn't use spaces or other special chars in their group names.

Damned circumstances..

Again, thanks for your time.

Ps:

georgehrke added this to the Nextcloud 12.0.1 milestone on 28 May

I remember now why I thought my version 12.0.1 should be good.

quenenni picture quenenni on 25 Sep 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

georgehrke picture georgehrke  路  3Comments
jancborchardt picture jancborchardt  路  3Comments
dl5rcw picture dl5rcw  路  3Comments
brylie picture brylie  路  3Comments
ChristophWurst picture ChristophWurst  路  3Comments