Avoid to leak a user ID that is not a string to reach a user backend

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

core/Controller/LoginController.php

@@ -142,6 +142,10 @@ class LoginController extends Controller {
 	 * @return TemplateResponse|RedirectResponse
 	 */
 	public function showLoginForm($user, $redirect_url) {
+		if (!is_string($user)) {
+			throw new \InvalidArgumentException('User needs to be string');
+		}
+
 		if ($this->userSession->isLoggedIn()) {
 			return new RedirectResponse(OC_Util::getDefaultPageUrl());
 		}