From 587b4091a06f44473b856e2ea8e18cc9ae936b4f Mon Sep 17 00:00:00 2001
From: Robin Appelman
Date: Thu, 7 Dec 2023 16:49:34 +0100
Subject: [PATCH 1/3] use decoded path to check app whitelist
Signed-off-by: Robin Appelman
---
 lib/AppWhitelist.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/AppWhitelist.php b/lib/AppWhitelist.php
index 5df26519..02e6dfbc 100644
--- a/lib/AppWhitelist.php
+++ b/lib/AppWhitelist.php
@@ -113,7 +113,7 @@ public function isUrlAllowed(IUser $user, $url): bool {
 }
 public function verifyAccess(IUser $user, IRequest $request): void {
- if (!$this->isUrlAllowed($user, $request->getRawPathInfo())) {
+ if (!$this->isUrlAllowed($user, $request->getPathInfo())) {
 header('HTTP/1.0 403 Forbidden');
 Template::printErrorPage($this->l10n->t(
 'Access to this resource is forbidden for guests.'
From 619f28557b7df8991721346349404eab54634d50 Mon Sep 17 00:00:00 2001
From: Robin Appelman
Date: Thu, 7 Dec 2023 16:52:21 +0100
Subject: [PATCH 2/3] fix permissions for whitelist reset
Signed-off-by: Robin Appelman
---
 lib/Controller/SettingsController.php | 2 --
 1 file changed, 2 deletions(-)
diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php
index 8ee46387..52cf4a4f 100644
--- a/lib/Controller/SettingsController.php
+++ b/lib/Controller/SettingsController.php
@@ -96,7 +96,6 @@ public function setConfig(bool $useWhitelist, array $whitelist, bool $allowExter
 * We do not set the whitelist to null when it is unused. This is by design.
 * It allows remembering the whitelist throughout changes.
 *
- * @NoAdminRequired
 * @return DataResponse with the current whitelist config
 */
 public function getWhitelist(): DataResponse {
@@ -111,7 +110,6 @@ public function getWhitelist(): DataResponse {
 /**
 * AJAX handler for resetting the whitelisted apps
 *
- * @NoAdminRequired
 * @return DataResponse with the reset whitelist
 */
 public function resetWhitelist(): DataResponse {
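Review bot: In `verifyAccess()` the result of `getPathInfo()` goes straight into `isUrlAllowed()` without a check, although `IRequest::getPathInfo()` is documented as returning `string|false` and `$url` is untyped in the signature shown in the hunk header. How the matcher treats `false` is not visible here, so failing closed at the call site is safer: `$path = $request->getPathInfo();` then `if ($path === false || !$this->isUrlAllowed($user, $path)) {`. A one-line comment such as `// Match the allow-list against the decoded path so encoded and plain forms of a URL are compared alike` would keep a later refactor from switching back to the raw path. A regression test that sends a percent-encoded path through `isUrlAllowed()` would pin the fix; the patch touches only this file. `verifyAccess()` continues past the end of the hunk.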
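Review bot: With `@NoAdminRequired` gone, nothing in the `getWhitelist()` docblock says who may call the handler; the restriction now depends on the framework default for an unannotated controller method, which is presumably the admin check. A plain sentence such as `* Admin only: guests and regular users must not reach this handler.` would record the intent, worded without the annotation name because the framework reads annotations out of the docblock text. The same applies to the `resetWhitelist()` hunk that follows. Whether `setConfig()` or other handlers in this controller still carry the annotation is not visible in these hunks and is worth checking in the same pass. Both method bodies lie outside the hunks.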
From 76bf8c057d8172202f3c839be6c39302a8d4c5fc Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Thu, 7 Dec 2023 17:01:46 +0100 Subject: [PATCH 3/3] 2.4.1 Signed-off-by: Robin Appelman --- appinfo/info.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appinfo/info.xml b/appinfo/info.xml index af44a372..0077a025 100755 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -9,7 +9,7 @@ Guests accounts can be created from the share menu by entering either the recipients email or name and choosing "create guest account", once the share is created the guest user will receive an email notification about the mail with a link to set their password. Guests users can only access files shared to them and cannot create any files outside of shares, additionally, the apps accessible to guest accounts are whitelisted.]]> - 2.4.0 + 2.4.1 agpl Nextcloud