patches/005-autocomplete-user-leak-core.patch +15 −17 Original line number Diff line number Diff line Loading @@ -12,25 +12,23 @@ this filtering works in conjunction with the autocomplete feature disabled in ne diff --git lib/private/Collaboration/Collaborators/UserPlugin.php lib/private/Collaboration/Collaborators/UserPlugin-new.php --- lib/private/Collaboration/Collaborators/UserPlugin.php 2022-11-23 17:19:20.220495300 +0530 +++ lib/private/Collaboration/Collaborators/UserPlugin-new.php 2022-11-23 17:19:05.690495300 +0530 @@ -186,9 +186,9 @@ --- lib/private/Collaboration/Collaborators/UserPlugin.php 2025-02-13 19:30:40 +++ lib/private/Collaboration/Collaborators/UserPlugin-new.php 2025-03-07 12:48:50 @@ -175,8 +175,8 @@ if ( $this->shareeEnumerationFullMatch && $lowerSearch !== '' && (strtolower($uid) === $lowerSearch || - strtolower($userDisplayName) === $lowerSearch || - ($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch) || - ($this->shareeEnumerationFullMatchEmail && strtolower($userEmail ?? '') === $lowerSearch)) + // strtolower($userDisplayName) === $lowerSearch || + // ($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch) || + ($this->shareeEnumerationFullMatchEmail && strtolower($userEmail) === $lowerSearch)) ($this->shareeEnumerationFullMatchEmail && strtolower($userEmail ?? '') === $lowerSearch)) ) { if (strtolower($uid) === $lowerSearch) { $foundUserById = true; 
diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Collaboration/Collaborators/MailPlugin-new.php --- lib/private/Collaboration/Collaborators/MailPlugin.php 2023-02-01 21:43:07.661060529 +0530 +++ lib/private/Collaboration/Collaborators/MailPlugin-new.php 2023-02-01 21:51:00.382603635 +0530 --- lib/private/Collaboration/Collaborators/MailPlugin.php 2025-02-13 19:30:40 +++ lib/private/Collaboration/Collaborators/MailPlugin-new.php 2025-03-07 12:55:25 @@ -39,6 +39,7 @@ use OCP\IUserSession; use OCP\Mail\IMailer; Loading @@ -39,17 +37,18 @@ diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Co class MailPlugin implements ISearchPlugin { protected bool $shareWithGroupOnly; @@ -61,7 +62,9 @@ @@ -61,8 +62,10 @@ private KnownUserService $knownUserService, private IUserSession $userSession, private IMailer $mailer, + private IUserManager $userManager, private mixed $shareWithGroupOnlyExcludeGroupsList = [], ) { + $this->userManager = $userManager; $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; $this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; @@ -207,27 +210,61 @@ @@ -216,27 +219,61 @@ if ($exactEmailMatch) { $searchResult->markExactIdMatch($emailType); } Loading Loading @@ -131,4 +130,3 @@ diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Co } } }
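Review bot: In the MailPlugin constructor hunk (`@@ -61,8 +62,10 @@`), `private IUserManager $userManager,` is already a promoted constructor property, so the added `$this->userManager = $userManager;` in the body is redundant and can be dropped. The new parameter is also inserted ahead of `$shareWithGroupOnlyExcludeGroupsList`, which shifts argument positions; container autowiring should be unaffected, but any test or caller that constructs MailPlugin positionally (none is visible here) would need updating. In the UserPlugin hunk the display-name matches are disabled by commenting them out with no rationale, so `shareeEnumerationFullMatchIgnoreSecondDisplayName` silently stops having any effect; a comment above them such as `// display-name full match disabled to avoid leaking users via autocomplete (patch 005)` would tell whoever next rebases this patch why the lines must stay out. Most of the `@@ -216,27 +219,61 @@` hunk is collapsed on this page and was not reviewed.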