From 388bffc48bd7a59b2ec5679d943796753fba450b Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Fri, 27 Jan 2017 17:37:04 +0100 Subject: [PATCH] * All apps: fix random failure in drag-n-drop or pasting images into CKEditor eg. mail compose --- api/src/Etemplate/Request.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/api/src/Etemplate/Request.php b/api/src/Etemplate/Request.php index abc36d5df0..e10ac35ed3 100644 --- a/api/src/Etemplate/Request.php +++ b/api/src/Etemplate/Request.php @@ -357,12 +357,13 @@ class Request */ static function request_id() { - // As we replace spaces with + for those account ids which contain spaces, therefore we need to do the same for getting request id too. - $userID = str_replace(' ', '+', rawurldecode($GLOBALS['egw_info']['user']['account_lid'])); + // replace url-unsafe chars with _ to not run into url-encoding issues when used in a url + $userID = preg_replace('/[^a-z0-9_\\.@-]/i', '_', $GLOBALS['egw_info']['user']['account_lid']); // generate random token (using oppenssl if available otherwise mt_rand based Auth::randomstring) $token = function_exists('openssl_random_pseudo_bytes') ? - base64_encode(openssl_random_pseudo_bytes(32)) : + // replace + with _ to not run into url-encoding issues when used in a url + str_replace('+', '_', base64_encode(openssl_random_pseudo_bytes(32))) : \EGroupware\Api\Auth::randomstring(44); return $GLOBALS['egw_info']['flags']['currentapp'].'_'.$userID.'_'.$token;