Skip to content

[Bug]: Android client sends unencoded WebDAV URI for paths with spaces/special chars - download fails (curl reproducer attached) #57270

New issue
New issue
Open
Bug
Open
[Bug]: Android client sends unencoded WebDAV URI for paths with spaces/special chars - download fails (curl reproducer attached)#57270
Bug
Labels
0. Needs triagePending check for reproducibility or if it fits our roadmapbugneeds info
@Mis1ify

Description

@Mis1ify
Mis1ify
opened on Dec 27, 2025

⚠️ This issue respects the following points: ⚠️

Bug description

I can't download anything from my Nextcloud instance which has spaces in it using WebDAV Protocol, so including nextcloud app client. It's not related specifically to the app tho, so I'm posting the issue here. Here is terminal output of using curl for the file.

Inserting:

curl -v -u user:pass 'http://192.168.1.140/remote.php/dav//files/Mistify/InstantUpload/MLP/MISTY <3/n0eqp1td2ar91.jpg' -o output.jpg

results:

URL rejected: Malformed input to a URL function * closing connection #-1 curl: (3) URL rejected: Malformed input to a URL function

And inserting:

curl -v -u user:pass 'http://192.168.1.140/remote.php/dav//files/Mistify/InstantUpload/MLP/MISTY%20%3C3/n0eqp1td2ar91.jpg' -o output.jpg

works and downloads the file.

Downloading files from the nextcloud webui opened in phone's browser works flawlessly because it's not using webdav.

Steps to reproduce

  1. Create a folder with space or special character.
  2. Put some files in it, etc. pictures with/without spaces in name, doesn't matter.
  3. Try to download it using the Nextcloud app/WebDAV protocol.

Expected behavior

Files should be downloaded regardless of spaces in the folder's name.

Nextcloud Server version

31

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "192.168.1.140",
            "<removed for privacy>"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "31.0.12.3",
        "overwrite.cli.url": "https:\/\/<removed for privacy>",
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "overwritehost": "<removed for privacy>",
        "overwriteprotocol": "https",
        "overwritecondaddr": "^192\\.168\\.1\\.112$",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "default_phone_region": "PL",
        "installed": true,
        "filelocking.enabled": true,
        "memcache.local": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0
        },
        "log_type": "file",
        "logfile": "\/mnt\/media\/Nextcloud-NG\/nextcloud.log",
        "loglevel": 2,
        "preview_ffmpeg_path": "\/usr\/bin\/ffmpeg",
        "preview_libreoffice_path": "\/usr\/bin\/libreoffice",
        "enable_previews": true,
        "enabledPreviewProviders": [
            "OC\\Preview\\AVI",
            "OC\\Preview\\BMP",
            "OC\\Preview\\Font",
            "OC\\Preview\\GIF",
            "OC\\Preview\\HEIC",
            "OC\\Preview\\Image",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\Krita",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\MKV",
            "OC\\Preview\\Movie",
            "OC\\Preview\\MP3",
            "OC\\Preview\\MP4",
            "OC\\Preview\\OpenDocument",
            "OC\\Preview\\PDF",
            "OC\\Preview\\PNG",
            "OC\\Preview\\SVG",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\TXT",
            "OC\\Preview\\XBitmap"
        ],
        "maintenance": false,
        "maintenance_window_start": 1,
        "theme": "",
        "trashbin_retention_obligation": "auto, 30",
        "check_data_directory_permissions": false,
        "memories.db.triggers.fcu": true,
        "memories.exiftool": "\/var\/www\/nextcloud\/apps\/memories\/bin-ext\/exiftool-amd64-glibc",
        "memories.vod.path": "\/var\/www\/nextcloud\/apps\/memories\/bin-ext\/go-vod-amd64",
        "memories.vod.ffmpeg": "\/usr\/bin\/ffmpeg",
        "memories.vod.ffprobe": "\/usr\/bin\/ffprobe",
        "memories.vod.disable": false,
        "memories.vod.vaapi": true,
        "memories.vod.use_transpose": true,
        "memories.vod.use_transpose.force_sw": true
    }
}

List of activated Apps

Enabled:
  - app_api: 5.0.2
  - bruteforcesettings: 4.0.0
  - calendar: 5.5.10
  - circles: 31.0.0
  - cloud_federation_api: 1.14.0
  - comments: 1.21.0
  - contactsinteraction: 1.12.1
  - dav: 1.33.0
  - federatedfilesharing: 1.21.0
  - files: 2.3.1
  - files_downloadlimit: 4.0.0
  - files_pdfviewer: 4.0.0
  - files_sharing: 1.23.2
  - files_trashbin: 1.21.0
  - files_versions: 1.24.0
  - firstrunwizard: 4.0.0
  - logreader: 4.0.0
  - lookup_server_connector: 1.19.0
  - memories: 7.7.0
  - notes: 4.12.4
  - notifications: 4.0.0
  - oauth2: 1.19.1
  - password_policy: 3.0.0
  - privacy: 3.0.0
  - profile: 1.0.0
  - provisioning_api: 1.21.0
  - recognize: 9.0.9
  - recommendations: 4.0.0
  - related_resources: 2.0.0
  - richdocuments: 8.7.7
  - richdocumentscode: 25.4.702
  - serverinfo: 3.0.0
  - settings: 1.14.0
  - suspicious_login: 9.0.1
  - systemtags: 1.21.1
  - text: 5.0.2
  - theming: 2.6.1
  - twofactor_backupcodes: 1.20.0
  - twofactor_totp: 13.0.0-dev.0
  - updatenotification: 1.21.0
  - viewer: 4.0.0
  - webhook_listeners: 1.2.0
  - workflowengine: 2.13.0
Disabled:
  - activity: 4.0.0 (installed 3.0.0)
  - admin_audit: 1.21.0
  - dashboard: 7.11.0 (installed 7.10.0)
  - encryption: 2.19.0
  - federation: 1.21.0 (installed 1.20.0)
  - files_external: 1.23.0
  - files_reminders: 1.4.0 (installed 1.3.0)
  - keeporsweep: 0.3.0 (installed 0.3.0)
  - nextcloud_announcements: 3.0.0 (installed 2.0.0)
  - photos: 4.0.0 (installed 3.0.2)
  - sharebymail: 1.21.0 (installed 1.20.0)
  - support: 3.0.0 (installed 2.0.0)
  - survey_client: 3.0.0 (installed 2.0.0)
  - twofactor_nextcloud_notification: 5.0.0
  - user_ldap: 1.22.0
  - user_status: 1.11.0 (installed 1.10.0)
  - weather_status: 1.11.0 (installed 1.10.0)

Nextcloud Signing status

No errors have been found.

Nextcloud Logs

Nextcloud logs show nothing, even with enabled debug+info options on that period of time.

Additional info

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    0. Needs triagePending check for reproducibility or if it fits our roadmapbugneeds info

    Type

    Bug

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions