From d8eb59de51cf9e7202ba828bbfd40accdd476840 Mon Sep 17 00:00:00 2001
From: Robin Appelman
Date: Thu, 7 Dec 2023 16:49:34 +0100
Subject: [PATCH 1/3] use decoded path to check app whitelist
Signed-off-by: Robin Appelman
---
 lib/AppWhitelist.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/AppWhitelist.php b/lib/AppWhitelist.php
index 5df26519..02e6dfbc 100644
--- a/lib/AppWhitelist.php
+++ b/lib/AppWhitelist.php
@@ -113,7 +113,7 @@ public function isUrlAllowed(IUser $user, $url): bool {
 }
 public function verifyAccess(IUser $user, IRequest $request): void {
- if (!$this->isUrlAllowed($user, $request->getRawPathInfo())) {
+ if (!$this->isUrlAllowed($user, $request->getPathInfo())) {
 header('HTTP/1.0 403 Forbidden');
 Template::printErrorPage($this->l10n->t(
 'Access to this resource is forbidden for guests.'
From 6fc59177fd67b79d12c0c3aa62977aa7842c67cd Mon Sep 17 00:00:00 2001
From: Robin Appelman
Date: Thu, 7 Dec 2023 16:52:21 +0100
Subject: [PATCH 2/3] fix permissions for whitelist reset
Signed-off-by: Robin Appelman
---
 lib/Controller/SettingsController.php | 2 --
 1 file changed, 2 deletions(-)
diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php
index 8ee46387..52cf4a4f 100644
--- a/lib/Controller/SettingsController.php
+++ b/lib/Controller/SettingsController.php
@@ -96,7 +96,6 @@ public function setConfig(bool $useWhitelist, array $whitelist, bool $allowExter
 * We do not set the whitelist to null when it is unused. This is by design.
 * It allows remembering the whitelist throughout changes.
 *
- * @NoAdminRequired
 * @return DataResponse with the current whitelist config
 */
 public function getWhitelist(): DataResponse {
@@ -111,7 +110,6 @@ public function getWhitelist(): DataResponse {
 /**
 * AJAX handler for resetting the whitelisted apps
 *
- * @NoAdminRequired
 * @return DataResponse with the reset whitelist
 */
 public function resetWhitelist(): DataResponse {
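Review bot: The changed `if` in `verifyAccess` (lib/AppWhitelist.php, patch 1/3) has no comment saying why the decoded path is the one the whitelist must see, so a later cleanup could switch back to `getRawPathInfo()` without noticing that it changes an access-control decision. I would add above the condition: `// Check the decoded path so the whitelist judges the path itself, not its percent-encoded spelling.` The hunk header shows `isUrlAllowed(IUser $user, $url)` with an untyped `$url`, and if `getPathInfo()` can return a non-string on failure (I believe it can, but that is not visible here), the call should deny explicitly, e.g. `$path = $request->getPathInfo(); if (!is_string($path) || !$this->isUrlAllowed($user, $path)) {`. A regression test that sends an encoded form of a non-whitelisted app path as a guest and expects the 403 would pin the fix. The body of `verifyAccess` continues past the end of the hunk, so the rest of the deny path was not reviewed.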
From abe202af21b5c76c60c63de3c6b336794d3cba63 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Thu, 7 Dec 2023 17:01:31 +0100 Subject: [PATCH 3/3] 3.0.1 Signed-off-by: Robin Appelman --- appinfo/info.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/appinfo/info.xml b/appinfo/info.xml index ce099086..476a5ffe 100755 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -9,7 +9,7 @@ Guests accounts can be created from the share menu by entering either the recipients email or name and choosing "create guest account", once the share is created the guest user will receive an email notification about the mail with a link to set their password. Guests users can only access files shared to them and cannot create any files outside of shares, additionally, the apps accessible to guest accounts are whitelisted.]]> - 3.0.0 + 3.0.1 agpl Nextcloud