From 7271ec7acf0e10a7cad62a078cb1dc4f4be7c30d Mon Sep 17 00:00:00 2001 From: Simon L Date: Wed, 23 Nov 2022 14:42:23 +0100 Subject: [PATCH] spaces are allowed in userids Signed-off-by: Simon L --- apps/user_ldap/lib/Access.php | 5 +---- lib/private/User/Manager.php | 4 ++-- tests/lib/User/ManagerTest.php | 18 +++++++++--------- 3 files changed, 12 insertions(+), 15 deletions(-) diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php index 1cc0c62ff1d..45ab3c42399 100644 --- a/apps/user_ldap/lib/Access.php +++ b/apps/user_ldap/lib/Access.php @@ -1369,11 +1369,8 @@ class Access extends LDAPUtility { // Remove unknown leftover entities $name = preg_replace('#&[^;]+;#', '', $name); - // Replacements - $name = str_replace(' ', '_', $name); - // Every remaining disallowed characters will be removed - $name = preg_replace('/[^a-zA-Z0-9_.@-]/u', '', $name); + $name = preg_replace('/[^a-zA-Z0-9 _.@-]/u', '', $name); if (strlen($name) > 64) { $name = hash('sha256', $name, false); diff --git a/lib/private/User/Manager.php b/lib/private/User/Manager.php index 82fc4d818ad..937d825ed77 100644 --- a/lib/private/User/Manager.php +++ b/lib/private/User/Manager.php @@ -714,10 +714,10 @@ class Manager extends PublicEmitter implements IUserManager { $l = Server::get(IFactory::class)->get('lib'); // Check the name for bad characters - // Allowed are: "a-z", "A-Z", "0-9" and "_.@-'" + // Allowed are: "a-z", "A-Z", "0-9", spaces and "_.@-'" if (preg_match('/[^a-zA-Z0-9 _.@\-\']/', $uid)) { throw new \InvalidArgumentException($l->t('Only the following characters are allowed in a username:' - . ' "a-z", "A-Z", "0-9", and "_.@-\'"')); + . ' "a-z", "A-Z", "0-9", spaces and "_.@-\'"')); } // No empty username diff --git a/tests/lib/User/ManagerTest.php b/tests/lib/User/ManagerTest.php index ec8d931426c..19013c62be7 100644 --- a/tests/lib/User/ManagerTest.php +++ b/tests/lib/User/ManagerTest.php @@ -309,23 +309,23 @@ class ManagerTest extends TestCase { public function dataCreateUserInvalid() { return [ ['te?st', 'foo', 'Only the following characters are allowed in a username:' - . ' "a-z", "A-Z", "0-9", and "_.@-\'"'], + . ' "a-z", "A-Z", "0-9", spaces and "_.@-\'"'], ["te\tst", '', 'Only the following characters are allowed in a username:' - . ' "a-z", "A-Z", "0-9", and "_.@-\'"'], + . ' "a-z", "A-Z", "0-9", spaces and "_.@-\'"'], ["te\nst", '', 'Only the following characters are allowed in a username:' - . ' "a-z", "A-Z", "0-9", and "_.@-\'"'], + . ' "a-z", "A-Z", "0-9", spaces and "_.@-\'"'], ["te\rst", '', 'Only the following characters are allowed in a username:' - . ' "a-z", "A-Z", "0-9", and "_.@-\'"'], + . ' "a-z", "A-Z", "0-9", spaces and "_.@-\'"'], ["te\0st", '', 'Only the following characters are allowed in a username:' - . ' "a-z", "A-Z", "0-9", and "_.@-\'"'], + . ' "a-z", "A-Z", "0-9", spaces and "_.@-\'"'], ["te\x0Bst", '', 'Only the following characters are allowed in a username:' - . ' "a-z", "A-Z", "0-9", and "_.@-\'"'], + . ' "a-z", "A-Z", "0-9", spaces and "_.@-\'"'], ["te\xe2st", '', 'Only the following characters are allowed in a username:' - . ' "a-z", "A-Z", "0-9", and "_.@-\'"'], + . ' "a-z", "A-Z", "0-9", spaces and "_.@-\'"'], ["te\x80st", '', 'Only the following characters are allowed in a username:' - . ' "a-z", "A-Z", "0-9", and "_.@-\'"'], + . ' "a-z", "A-Z", "0-9", spaces and "_.@-\'"'], ["te\x8bst", '', 'Only the following characters are allowed in a username:' - . ' "a-z", "A-Z", "0-9", and "_.@-\'"'], + . ' "a-z", "A-Z", "0-9", spaces and "_.@-\'"'], ['', 'foo', 'A valid username must be provided'], [' ', 'foo', 'A valid username must be provided'], [' test', 'foo', 'Username contains whitespace at the beginning or at the end'], -- 2.39.5