ITip/Broker and plus signs in email addresses

[rotdrop]

There might be a bug when organizers or attendees emails contain characters which need to be url-encoded like name+extra@mydomain.tld. This is also discussed here: nextcloud/server#28162

vobject/lib/ITip/Broker.php

Line 231 in 198196c

if (in_array($eventInfo['organizer'], $userHref)) {

It seems that the email-address in $eventInfo['organizer'] is already decoded (e.g. %2b replaced by a literal +), however, the emails contained in the array $userHref are not.

A fix might be to inject a line

$userHref = array_map(fn($url) => urldecode($url), $userHref);

right after

https://github.com/nextcloud/3rdparty/blob/f143482ffb0b8dfdbc08cd848ce2e66f02a5d9b6/sabre/vobject/lib/ITip/Broker.php#L185-L186

However, I do not really know if the mistake is on the side of Nextcloud or Sabre and whether this hack has undesirable side-effects.

[rotdrop]

A fix might be to inject a line

$userHref = array_map(fn($url) => urldecode($url), $userHref);

right after

This actually does not hack the situation. In my setups the $userHref sometimes comes in url-encoded and sometimes not. Given that, a hackish "fix" would be something like this:

$userHref = array_map(fn($url) => rawurldecode($url), $userHref);

However, it would be good to understand under which circumstances $userHref comes in either way, encoded or not.

Note that urldecode() replaces a plus sign by a space which rawurldecode() does not.