From 158e73242ee692f398215a9fcbdc6aa60347e396 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?=
Date: Thu, 28 Oct 2021 10:30:14 +0200
Subject: [PATCH 1/2] Avoid use of iconv to get rid of unicode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Using iconv for translit depends upon server configuration, locale, and PHP version. Using htmlentities instead to have a consistent behavior independent of configuration.
Signed-off-by: Côme Chilliet
---
 apps/user_ldap/lib/Access.php | 15 +++++++++------
 apps/user_ldap/tests/AccessTest.php | 8 +-------
 2 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index 7b7ae74d3f3..d981bf0e54b 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
@@ -1433,12 +1433,15 @@ class Access extends LDAPUtility {
 return $name;
 }
- // Transliteration to ASCII
- $transliterated = @iconv('UTF-8', 'ASCII//TRANSLIT', $name);
- if ($transliterated !== false) {
- // depending on system config iconv can work or not
- $name = $transliterated;
- }
+ // Use htmlentities to get rid of accents
+ $name = htmlentities($name, ENT_NOQUOTES, 'UTF-8');
+
+ // Remove accents
+ $name = preg_replace('#&([A-za-z])(?:acute|cedil|caron|circ|grave|orn|ring|slash|th|tilde|uml);#', '\1', $name);
+ // Remove ligatures
+ $name = preg_replace('#&([A-za-z]{2})(?:lig);#', '\1', $name);
+ // Remove unknown leftover entities
+ $name = preg_replace('#&[^;]+;#', '', $name);
 // Replacements
 $name = str_replace(' ', '_', $name);
diff --git a/apps/user_ldap/tests/AccessTest.php b/apps/user_ldap/tests/AccessTest.php
index 5945bbd2fde..c0cc856d143 100644
--- a/apps/user_ldap/tests/AccessTest.php
+++ b/apps/user_ldap/tests/AccessTest.php
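Review bot: In the Access.php hunk, `htmlentities($name, ENT_NOQUOTES, 'UTF-8')` is called without `ENT_SUBSTITUTE` or `ENT_IGNORE`, so a name containing an invalid UTF-8 byte sequence makes it return an empty string and the whole value is discarded rather than only the bad bytes. The removed iconv path kept `$name` unchanged on failure, so this is a behaviour change for directory values that are not clean UTF-8. What happens to the empty string afterwards is decided by code outside this hunk, since the function body starts and ends outside it. If rejecting such names is intended, a comment saying so and a provider case with an invalid byte would pin it; if not, `$name = htmlentities($name, ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8');` keeps the valid part for whatever filtering follows.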
@@ -689,16 +689,13 @@ class AccessTest extends TestCase {
 }
 public function intUsernameProvider() {
- // system dependent :-/
- $translitExpected = @iconv('UTF-8', 'ASCII//TRANSLIT', 'fränk') ? 'frank' : 'frnk';
-
 return [
 ['alice', 'alice'],
 ['b/ob', 'bob'],
 ['charly🐬', 'charly'],
 ['debo rah', 'debo_rah'],
 ['epost@poste.test', 'epost@poste.test'],
- ['fränk', $translitExpected],
+ ['fränk', 'frank'],
 [' gerda ', 'gerda'],
 ['🕱🐵🐘🐑', null],
 [
@@ -732,9 +729,6 @@ class AccessTest extends TestCase {
 * @param $expected
 */
 public function testSanitizeUsername($name, $expected) {
- if ($name === 'fränk' && PHP_MAJOR_VERSION > 7) {
- $this->markTestSkipped('Special chars do boom still on CI in php8');
- }
 if ($expected === null) {
 $this->expectException(\InvalidArgumentException::class);
 }
From 480056de88b3a8205ff584e4950a6c117f991737 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=B4me=20Chilliet?=
Date: Tue, 23 Nov 2021 09:10:38 +0100
Subject: [PATCH 2/2] Fix sanitizing regex and add a test case for uppercase in username
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
I did not find any test data that would fail with the previous regex, but still added data with uppercase to at least test that.
Signed-off-by: Côme Chilliet
---
 apps/user_ldap/lib/Access.php | 4 ++--
 apps/user_ldap/tests/AccessTest.php | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
index d981bf0e54b..0af04747ded 100644
--- a/apps/user_ldap/lib/Access.php
+++ b/apps/user_ldap/lib/Access.php
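Review bot: The provider in AccessTest.php still has `fränk` as its only accented input, so of the three regexes this patch adds to Access.php only the accent rule is exercised; the ligature rule and the leftover-entity rule have no case. Cases such as `['straße', 'strasze'],` and `['a&b', 'ab'],` would cover them. Those expected values follow from the regexes visible in this patch and from the existing `b/ob` case, and should be confirmed against the rest of sanitizeUsername, which is not shown here.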
@@ -1437,9 +1437,9 @@ class Access extends LDAPUtility {
 $name = htmlentities($name, ENT_NOQUOTES, 'UTF-8');
 // Remove accents
- $name = preg_replace('#&([A-za-z])(?:acute|cedil|caron|circ|grave|orn|ring|slash|th|tilde|uml);#', '\1', $name);
+ $name = preg_replace('#&([A-Za-z])(?:acute|cedil|caron|circ|grave|orn|ring|slash|th|tilde|uml);#', '\1', $name);
 // Remove ligatures
- $name = preg_replace('#&([A-za-z]{2})(?:lig);#', '\1', $name);
+ $name = preg_replace('#&([A-Za-z]{2})(?:lig);#', '\1', $name);
 // Remove unknown leftover entities
 $name = preg_replace('#&[^;]+;#', '', $name);
diff --git a/apps/user_ldap/tests/AccessTest.php b/apps/user_ldap/tests/AccessTest.php
index c0cc856d143..c27477706ee 100644
--- a/apps/user_ldap/tests/AccessTest.php
+++ b/apps/user_ldap/tests/AccessTest.php
@@ -696,6 +696,7 @@ class AccessTest extends TestCase {
 ['debo rah', 'debo_rah'],
 ['epost@poste.test', 'epost@poste.test'],
 ['fränk', 'frank'],
+ [' UPPÉR Case/[\]^`', 'UPPER_Case'],
 [' gerda ', 'gerda'],
 ['🕱🐵🐘🐑', null],
 [
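Review bot: In the Access.php hunk, two alternatives in the accent pattern do not behave like the rest of the list. `orn` cannot match, because the only HTML 4.01 entity ending in it is `&thorn;`, which has two letters before the suffix; `th` matches only `&eth;`, so `ð` becomes `e` while `Ð` (`&ETH;`) falls through to the leftover-entity rule and is dropped. The same list was introduced in the first patch of this series. If that mapping is not intended, the alternation could be reduced to `(?:acute|cedil|caron|circ|grave|ring|slash|tilde|uml)`, leaving eth and thorn to the leftover rule; either way, a short comment that the pattern depends on the entity names `htmlentities()` emits would help. The enclosing function starts and ends outside the hunk.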