Do not save invalid display name to the database

Signed-off-by: Christopher Ng <chrng8@gmail.com>

diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index a26479ba0a8f2e3d21400fe5ea7446d97fed2462..839ac404c947b419815c00049988886b437a246a 100644 (file)
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -837,7 +837,9 @@ class UsersController extends AUserData {
                switch ($key) {
                        case self::USER_FIELD_DISPLAYNAME:
                        case IAccountManager::PROPERTY_DISPLAYNAME:
-                               $targetUser->setDisplayName($value);
+                               if (!$targetUser->setDisplayName($value)) {
+                                       throw new OCSException('Invalid displayname', 102);
+                               }
                                break;
                        case self::USER_FIELD_QUOTA:
                                $quota = $value;

diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php
index a9464c27085674147cbf2977e782fb4355c00605..1470409c862fa30e074e3ea52f4ec976981e7530 100644 (file)
--- a/lib/private/User/Database.php
+++ b/lib/private/User/Database.php
@@ -215,6 +215,10 @@ class Database extends ABackend implements
         * Change the display name of a user
         */
        public function setDisplayName(string $uid, string $displayName): bool {
+               if (mb_strlen($displayName) > 64) {
+                       return false;
+               }
+
                $this->fixDI();
 
                if ($this->userExists($uid)) {