Check limit and offset parameters sent to controller 39756/head
authorCôme Chilliet <come.chilliet@nextcloud.com>
Tue, 10 Oct 2023 08:43:18 +0000 (10:43 +0200)
committerCôme Chilliet <come.chilliet@nextcloud.com>
Tue, 10 Oct 2023 08:43:18 +0000 (10:43 +0200)
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
apps/provisioning_api/lib/Controller/UsersController.php

index 95778eff36640613058158bb892f14ff12b8e601..97d94ecb407d22741f5b324047e2ef0e88840f80 100644 (file)
@@ -246,6 +246,13 @@ class UsersController extends AUserData {
                if ($currentUser === null) {
                        return new DataResponse(['users' => []]);
                }
+               if ($limit !== null && $limit < 0) {
+                       throw new InvalidArgumentException("Invalid limit value: $limit");
+               }
+               if ($offset < 0) {
+                       throw new InvalidArgumentException("Invalid offset value: $offset");
+               }
+
                $users = [];
 
                // Admin? Or SubAdmin?
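Review bot: The two added guards throw a plain `InvalidArgumentException`, and nothing visible in the hunk catches it or maps it to a client error, so a negative `limit` or `offset` may reach the caller as a generic server error (and be logged as one) instead of a 4xx; the method's signature and the rest of its body are outside the hunk, so this should be confirmed against the framework's exception handling. If that is the case, I would throw the OCS request-error type instead, e.g. `throw new OCSBadRequestException("Invalid limit value: $limit");`, provided that class is imported in this file. The checks also reject only negative values: a `null` or very large `$limit` still passes, so the listing remains unbounded unless a cap is enforced further down. A short comment above the guards, such as `// Reject negative paging values before they reach the user backends`, would record why they sit ahead of the admin/sub-admin branch.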