owncloud · micbar · Mar 6, 2020 · Dec 19, 2019 · Dec 23, 2019 · Feb 27, 2020
diff --git a/appinfo/info.xml b/appinfo/info.xml
@@ -25,7 +25,7 @@ More information is available in the [LDAP User and Group Backend documentation]
 	<screenshot>https://raw.githubusercontent.com/owncloud/screenshots/master/user_ldap/ownCloud-app-ldap-user-management.jpg</screenshot>
 	<dependencies>
 		<lib>ldap</lib>
-		<owncloud min-version="10.2" max-version="10" />
+		<owncloud min-version="10.4" max-version="10" />
 	</dependencies>
 
 	<namespace>User_LDAP</namespace>

diff --git a/lib/Access.php b/lib/Access.php
@@ -1264,8 +1264,8 @@ public function sanitizeUsername($name) {
 		// Replacements
 		$name = \str_replace(' ', '_', $name);
 
-		// Every remaining disallowed characters will be removed
-		$name = \preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name);
+		// All remaining disallowed characters will be removed
+		$name = \preg_replace('/[^a-zA-Z0-9+_.@-]/u', '', $name);
 
 		return $name;
 	}

diff --git a/templates/settings.php b/templates/settings.php
@@ -115,7 +115,7 @@
 	</fieldset>
 	<fieldset id="ldapSettings-2">
 		<p><strong><?php p($l->t('Internal Username'));?></strong></p>
-		<p class="ldapIndent"><?php p($l->t('By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [ a-zA-Z0-9_.@- ].  Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder. It is also a part of remote URLs, for instance for all *DAV services. With this setting, the default behavior can be overridden. To achieve a similar behavior as before ownCloud 5 enter the user display name attribute in the following field. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users.'));?></p>
+		<p class="ldapIndent"><?php p($l->t('By default the internal username will be created from the UUID attribute. It makes sure that the username is unique and characters do not need to be converted. The internal username has the restriction that only these characters are allowed: [ a-zA-Z0-9+_.@- ].  Other characters are replaced with their ASCII correspondence or simply omitted. On collisions a number will be added/increased. The internal username is used to identify a user internally. It is also the default name for the user home folder. It is also a part of remote URLs, for instance for all *DAV services. With this setting, the default behavior can be overridden. To achieve a similar behavior as before ownCloud 5 enter the user display name attribute in the following field. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users.'));?></p>
 		<p class="ldapIndent"><label for="ldap_expert_username_attr"><?php p($l->t('Internal Username Attribute:'));?></label><input type="text" id="ldap_expert_username_attr" name="ldap_expert_username_attr" data-default="<?php p($_['ldap_expert_username_attr_default']); ?>" /></p>
 		<p><strong><?php p($l->t('Override UUID detection'));?></strong></p>
 		<p class="ldapIndent"><?php p($l->t('By default, the UUID attribute is automatically detected. The UUID attribute is used to doubtlessly identify LDAP users and groups. Also, the internal username will be created based on the UUID, if not specified otherwise above. You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your choice can be fetched for both users and groups and it is unique. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users and groups.'));?></p>

diff --git a/tests/unit/AccessTest.php b/tests/unit/AccessTest.php
@@ -63,6 +63,27 @@ public function setUp(): void {
 		$this->access = new Access($this->connection, $this->manager);
 	}
 
+	/**
+	 * @dataProvider sanitizeUsernameDataProvider
+	 * @param $input string
+	 * @param $expected string
+	 */
+	public function testSanitizeUsername($input, $expected) {
+		$this->assertSame($expected, $this->access->sanitizeUsername($input));
+	}
+
+	public function sanitizeUsernameDataProvider() {
+		return [
+			['John-Smith', 'John-Smith'],
+			['[email protected]', '[email protected]'],
+			['[email protected]', '[email protected]'],
+			['John_Smith', 'John_Smith'],
+			['John Smith', 'John_Smith'],
+			['John#Smith', 'JohnSmith'],
+			['John.Smith(CEO)', 'John.SmithCEO'],
+		];
+	}
+
 	/**
 	 * @dataProvider escapeFilterPartDataProvider
 	 * @param $input string