diff options
| author | Christopher Ng <chrng8@gmail.com> | 2022-06-28 18:03:15 +0000 |
|---|---|---|
| committer | backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com> | 2022-07-06 20:57:29 +0000 |
| commit | e218746c8c61c0c13b47f28541f82c44d6d4745d (patch) | |
| tree | c917974463e8afd7dd81dad16ef93f6383c05de8 | |
| parent | ce983ec177f5d1a313de068b7cbcaf35cfb17af7 (diff) | |
| download | nextcloud-server-e218746c8c61c0c13b47f28541f82c44d6d4745d.tar.gz nextcloud-server-e218746c8c61c0c13b47f28541f82c44d6d4745d.zip | |
Do not save invalid display name to the database
Signed-off-by: Christopher Ng <chrng8@gmail.com>
| -rw-r--r-- | apps/provisioning_api/lib/Controller/UsersController.php | 4 | ||||
| -rw-r--r-- | lib/private/User/Database.php | 4 |
2 files changed, 7 insertions, 1 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php index a26479ba0a8..839ac404c94 100644 --- a/apps/provisioning_api/lib/Controller/UsersController.php +++ b/apps/provisioning_api/lib/Controller/UsersController.php @@ -837,7 +837,9 @@ class UsersController extends AUserData { switch ($key) { case self::USER_FIELD_DISPLAYNAME: case IAccountManager::PROPERTY_DISPLAYNAME: - $targetUser->setDisplayName($value); + if (!$targetUser->setDisplayName($value)) { + throw new OCSException('Invalid displayname', 102); + } break; case self::USER_FIELD_QUOTA: $quota = $value; diff --git a/lib/private/User/Database.php b/lib/private/User/Database.php index 5dfc74163a7..79a01c55ed0 100644 --- a/lib/private/User/Database.php +++ b/lib/private/User/Database.php @@ -209,6 +209,10 @@ class Database extends ABackend implements * Change the display name of a user */ public function setDisplayName(string $uid, string $displayName): bool { + if (mb_strlen($displayName) > 64) { + return false; + } + $this->fixDI(); if ($this->userExists($uid)) { |