From: Josh Richards <josh.t.richards@gmail.com>
Date: Thu, 30 Mar 2023 15:59:13 +0000 (-0400)
Subject: Trim the user/email provided for password resets
X-Git-Tag: v27.0.0beta1~226^2~1
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=203b9131ec895cafbb10e9c2aacd6b2c45e6b9f4;p=nextcloud-server.git

Trim the user/email provided for password resets

Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
---

diff --git a/core/Controller/LostController.php b/core/Controller/LostController.php
index 044535c345b..36b8dca6ddb 100644
--- a/core/Controller/LostController.php
+++ b/core/Controller/LostController.php
@@ -208,7 +208,7 @@ class LostController extends Controller {
 
 		// FIXME: use HTTP error codes
 		try {
-			$this->sendEmail($user);
+			$this->sendEmail(trim($user));
 		} catch (ResetPasswordException $e) {
 			// Ignore the error since we do not want to leak this info
 			$this->logger->warning('Could not send password reset email: ' . $e->getMessage());