Unable to share file/folders\ with users with numeric character ( like username = 144567)

arjuns91 · July 12, 2020, 7:07am

Steps to reproduce

create a user with normal name like “boby”
create another user with name “144567”
now login to the user “boby” and upload a new file and try to share it with the user “144567”, it will auto fill the username but when we click it will stay refreshing and goes so on .
while checking the access log i could see this internal server error
securevault.keltron.in:443 xxxxx - - [10/Jul/2020:17:47:07 +0000] “POST /ocs/v2.php/apps/files_sharing/api/v1/shares?format=json HTTP/1.1” 500 894 “-” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36”

Expected behaviour

Tell us what should happen

Actual behaviour

Tell us what happens instead

Server configuration

Operating system:
Ubuntu 18.04.4 LTS
Web server:
Apache/2.4.29
Database:
MariaDB Server version: 10.1.44-MariaDB
PHP version:
PHP 7.2.24-0ubuntu0.18.04.6 (cli) (built: May 26 2020 13:09:11) ( NTS )

ownCloud version: (see ownCloud admin page)
ownCloud 10.4.1 (stable)
Updated from an older ownCloud or fresh install:
Fresh Install

Where did you install ownCloud from:
https://doc.owncloud.org/server/10.4/admin_manual/installation/ubuntu_18_04.html

Signing status (ownCloud 9.0 and above):

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and puth the link here.

The content of config/config.php:

<?php $CONFIG = array ( 'passwordsalt' => '***********************', 'secret' => '******************************', 'trusted_domains' => array ( 0 => 'localhost', 1 => '192.168.X.X', 2 => '****************', ), 'datadirectory' => '/var/OC/data', 'overwrite.cli.url' => 'http://localhost', 'dbtype' => 'mysql', 'version' => '10.4.1.3', 'dbname' => 'owncloud', 'dbhost' => 'localhost', 'dbtableprefix' => 'oc_', 'dbuser' => 'owncloud', 'dbpassword' => '*************', 'logtimezone' => 'UTC', 'apps_paths' => array ( 0 => array ( 'path' => '/var/www/owncloud/apps', 'url' => '/apps', 'writable' => false, ), 1 => array ( 'path' => '/var/www/owncloud/apps-external', 'url' => '/apps-external', 'writable' => true, ), ), 'installed' => true, 'instanceid' => 'oczcgyyw288t', 'memcache.local' => '\\OC\\Memcache\\APCu', 'memcache.locking' => '\\OC\\Memcache\\Redis', 'redis' => array ( 'host' => '127.0.0.1', 'port' => '6379', ), 'mail_domain' => '**********', 'mail_from_address' => '********', 'mail_smtpmode' => 'smtp', 'mail_smtpsecure' => 'tls', 'mail_smtphost' => '*******************', 'mail_smtpport' => '587', 'mail_smtpauthtype' => 'LOGIN', 'mail_smtpauth' => 1, 'mail_smtpname' => '**************', 'mail_smtppassword' => '********', 'maintenance' => false, 'loglevel' => 2, ); ``` Log in to the web-UI with an administrator account and click on 'admin' -> 'Generate Config Report' -> 'Download ownCloud config report' This report includes the config.php settings, the list of activated apps and other details in a well sanitized form. or If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your ownCloud installation folder *ATTENTION:* Do not post your config.php file in public as is. Please use one of the above methods whenever possible. Both, the generated reports from the web-ui and from occ config:list consistently remove sensitive data. You still may want to review the report before sending. If done manually then it is critical for your own privacy to dilligently remove *all* host names, passwords, usernames, salts and other credentials before posting. You should assume that attackers find such information and will use them against your systems. ``` **List of activated apps:** Enabled: - comments: 0.3.0 - configreport: 0.2.0 - dav: 0.5.0 - federatedfilesharing: 0.5.0 - federation: 0.1.0 - files: 1.5.2 - files_external: 0.7.1 - files_mediaviewer: 1.0.2 - files_pdfviewer: 0.11.1 - files_sharing: 0.12.0 - files_texteditor: 2.3.0 - files_trashbin: 0.9.1 - files_versions: 1.3.0 - firstrunwizard: 1.2.0 - impersonate: 0.5.0 - market: 0.5.0 - notifications: 0.5.0 - provisioning_api: 0.5.0 - systemtags: 0.3.0 - updatenotification: 0.2.1 Disabled: - encryption - external - user_external ``` If you have access to your command line run e.g.: sudo -u www-data php occ app:list from within your ownCloud installation folder. ``` **Are you using external storage, if yes which one:** local/smb/sftp/... no **Are you using encryption:** yes/no no **Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/... no #### LDAP configuration (delete this part if not used) ``` With access to your command line run e.g.: sudo -u www-data php occ ldap:show-config from within your ownCloud installation folder Without access to your command line download the data/owncloud.db to your local computer or access your SQL server remotely and run the select query: SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap'; Eventually replace sensitive data as the name/IP-address of your LDAP server or groups. ``` ### Client configuration **Browser:** Mozilla **Operating system:** windows7 ### Logs #### Web server error log ``` Insert your webserver log here ``` securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:46:46 +0000] "GET /core/img/actions/details.svg HTTP/1.1" 200 1785 "https://securevault.keltron.in/core/css/icons.css?v=bf9156f9c938cf16e1c72b52135a8c1a" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:46:46 +0000] "GET /core/img/actions/rename.svg HTTP/1.1" 200 1454 "https://securevault.keltron.in/core/css/icons.css?v=bf9156f9c938cf16e1c72b52135a8c1a" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:46:46 +0000] "GET /core/img/actions/download.svg HTTP/1.1" 200 7473 "https://securevault.keltron.in/core/css/icons.css?v=bf9156f9c938cf16e1c72b52135a8c1a" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:46:48 +0000] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 948 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:46:56 +0000] "PUT /remote.php/dav/files/pcelladmin/oc.txt HTTP/1.1" 201 1319 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:46:56 +0000] "PROPFIND /remote.php/dav/files/pcelladmin/oc.txt HTTP/1.1" 207 1493 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:46:57 +0000] "GET /index.php/apps/files/ajax/getstoragestats.php?dir=%2F HTTP/1.1" 200 1528 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:46:57 +0000] "GET /remote.php/dav/files/pcelladmin/oc.txt?c=1bdf8f071c359a597248d1137f57a913&x=32&y=32&forceIcon=0&preview=1 HTTP/1.1" 200 1718 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:46:58 +0000] "GET /ocs/v2.php/apps/files_sharing/api/v1/shares?format=json&path=%2Foc.txt&reshares=true HTTP/1.1" 200 908 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:46:58 +0000] "GET /ocs/v2.php/apps/files_sharing/api/v1/shares?format=json&path=%2Foc.txt&shared_with_me=true HTTP/1.1" 200 908 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:46:59 +0000] "PROPFIND /remote.php/dav/systemtags-relations/files/5260 HTTP/1.1" 207 1188 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:46:59 +0000] "GET /remote.php/dav/files/pcelladmin/oc.txt?x=75&y=75&c=1bdf8f071c359a597248d1137f57a913&forceIcon=0&preview=1 HTTP/1.1" 200 3533 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:47:06 +0000] "GET /ocs/v1.php/apps/files_sharing/api/v1/sharees?format=json&search=147993&perPage=200&itemType=file HTTP/1.1" 200 1594 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:47:06 +0000] "GET /index.php/avatar/147993/32 HTTP/1.1" 200 878 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:47:07 +0000] "POST /ocs/v2.php/apps/files_sharing/api/v1/shares?format=json HTTP/1.1" 500 894 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:47:07 +0000] "GET /ocs/v1.php/apps/files_sharing/api/v1/sharees?format=json&search=147993&perPage=200&itemType=file HTTP/1.1" 200 1594 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:47:07 +0000] "GET /index.php/avatar/147993/32 HTTP/1.1" 200 878 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:47:18 +0000] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 1492 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:47:48 +0000] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 1492 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" securevault.keltron.in:443 x.x.x.x - - [10/Jul/2020:17:48:18 +0000] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 1492 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" #### ownCloud log (data/owncloud.log) ``` Insert your ownCloud log here ``` #### Browser log ``` Insert your browser log here, this could for example include: a) The javascript console log jquery.js:8630 POST https://securevault.keltron.in/ocs/v2.php/apps/files_sharing/api/v1/shares?format=json 500 (Internal Server Error) b) The network log c) ... ```

tom42 · July 12, 2020, 12:16pm

Hey,

i did the following search https://github.com/owncloud/core/search?o=desc&q=numeric+user&s=updated&type=Issues and found the following issue which i think is related:

arjuns91 · July 13, 2020, 11:11am

Hi tom42,

Thank you so much, you save my day.
I have appended the code (https://codecov.io/gh/owncloud/core/pull/37327/src/lib/private/Share20/Share.php) in my test environment and it worked.Now am going to fix my production server.
I have been searching for the fix in many forum/google for few days, but no success,later i replicated the same server setup to check if it is a bug issue or with some other issues from my side, then i posted the issue in here and your findings came, thanks a lot .