diff --git a/api/src/Etemplate/Request.php b/api/src/Etemplate/Request.php
index abc36d5df0..e10ac35ed3 100644
--- a/api/src/Etemplate/Request.php
+++ b/api/src/Etemplate/Request.php
@@ -357,12 +357,13 @@ class Request
 */
 static function request_id()
 {
- // As we replace spaces with + for those account ids which contain spaces, therefore we need to do the same for getting request id too.
- $userID = str_replace(' ', '+', rawurldecode($GLOBALS['egw_info']['user']['account_lid']));
+ // replace url-unsafe chars with _ to not run into url-encoding issues when used in a url
+ $userID = preg_replace('/[^a-z0-9_\\.@-]/i', '_', $GLOBALS['egw_info']['user']['account_lid']);
 // generate random token (using oppenssl if available otherwise mt_rand based Auth::randomstring)
 $token = function_exists('openssl_random_pseudo_bytes') ?
- base64_encode(openssl_random_pseudo_bytes(32)) :
+ // replace + with _ to not run into url-encoding issues when used in a url
+ str_replace('+', '_', base64_encode(openssl_random_pseudo_bytes(32))) :
 \EGroupware\Api\Auth::randomstring(44);
 return $GLOBALS['egw_info']['flags']['currentapp'].'_'.$userID.'_'.$token;
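Review bot: The new `str_replace('+', '_', …)` on the token line only rewrites `+`, but standard base64 output also contains `/` and, for 32 input bytes, a trailing `=`, so the request id can still carry characters that need URL-encoding. A URL-safe encoding would cover all three, e.g. `rtrim(strtr(base64_encode(openssl_random_pseudo_bytes(32)), '+/', '-_'), '=') :`, provided no consumer depends on the token's length or alphabet. Separately, the unchanged fallback is described in the hunk's own comment as mt_rand based; since this id appears to key server-side request state, `random_bytes(32)` would give a CSPRNG without the `function_exists` branch, if the project's minimum PHP version allows it. The `preg_replace` on `account_lid` maps distinct logins such as `a b` and `a_b` to the same `$userID`, which is harmless only as long as uniqueness rests entirely on the token. The closing brace of `request_id()` lies outside the hunk.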