summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristopher Ng <chrng8@gmail.com>2022-06-28 18:03:15 +0000
committerbackportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com>2022-07-06 20:57:29 +0000
commite218746c8c61c0c13b47f28541f82c44d6d4745d (patch)
treec917974463e8afd7dd81dad16ef93f6383c05de8
parentce983ec177f5d1a313de068b7cbcaf35cfb17af7 (diff)
downloadnextcloud-server-e218746c8c61c0c13b47f28541f82c44d6d4745d.tar.gz
nextcloud-server-e218746c8c61c0c13b47f28541f82c44d6d4745d.zip
Do not save invalid display name to the database
Signed-off-by: Christopher Ng <chrng8@gmail.com>
-rw-r--r--apps/provisioning_api/lib/Controller/UsersController.php4
-rw-r--r--lib/private/User/Database.php4
2 files changed, 7 insertions, 1 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index a26479ba0a8..839ac404c94 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -837,7 +837,9 @@ class UsersController extends AUserData {
switch ($key) {
case self::USER_FIELD_DISPLAYNAME:
case IAccountManager::PROPERTY_DISPLAYNAME:
- $targetUser->setDisplayName($value);
+ if (!$targetUser->setDisplayName($value)) {
+ throw new OCSException('Invalid displayname', 102);
+ }
break;
case self::USER_FIELD_QUOTA:
$quota = $value;
diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php
index 5dfc74163a7..79a01c55ed0 100644
--- a/lib/private/User/Database.php
+++ b/lib/private/User/Database.php
@@ -209,6 +209,10 @@ class Database extends ABackend implements
* Change the display name of a user
*/
public function setDisplayName(string $uid, string $displayName): bool {
+ if (mb_strlen($displayName) > 64) {
+ return false;
+ }
+
$this->fixDI();
if ($this->userExists($uid)) {